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^  '  A  Wider  Net 

AT&T’s  golden  age  may  be 
past,  but  Golden  Boy  remains 

Well-traveled  icon  has  gained  admirers,  lost 
manhood  along  the  way. 

■  BY  DENISE  PAPPALARDO 


States  propping 
cyberalert  plan 


■  BY  DENISE  DUBIE 

The  IT  Infrastructure  Library,  a 
set  of  management  best  prac¬ 
tices  that  has  long  been  popular 


in  Europe,  finally  is  starting  to 
make  waves  in  the  U.S. 

Some  U.S. organizations  such  as 
Procter  &  Gamble  have  used  1TIL 
to  great  effect,  letting  them  slash 


■  BY  TIM  GREENE 

PROVIDENCE,  R.I.— Looking  to 
gauge  the  risk  of  attacks  against 
their  networks,  state  officials  this 
week  will  vote  on  new  measures 
that  would  assess  threats  and  dic¬ 
tate  specific  actions  to  take  to 
protect  key  resources. 

If  adopted,  the  common  alert- 
level  procedures  would  color- 
code  the  threat  to  state  net¬ 
works  (see  graphic,  page  48) 
and  recommend  action  to  take 
in  response  to  specific  threats. 
The  proposed  cybersecurity 
alert  system  would  establish  a 
secure  Web  site  state  officials 
could  tap  to  determine  why 
each  state  has  the  security  rank¬ 
ing  it  does  and  whether  they 
should  take  action  based  on 


what  other  states  experience. 

Homeland  security  ranked 
among  the  key  topics  considered 
last  week  at  the  National  Assoc¬ 
iation  of  State  Telecommuni¬ 
cations  Directors  (NASTD).  The 
state  network  executives  also 
shared  experiences  with  VoIP 
(see  www.nwfusion.com,  Doc- 
Finder:  3643),  and  concerns 
about  public-safety  networks,  the 
threat  of  worms  to  state  agencies, 
making  more  efficient  use  of 
existing  infrastructure  and  getting 
enough  staff  to  carry  out  their 
duties. 

NASTD  members  were  warned 
that  coordinated  attacks  against 
their  networks  could  be  a  tactic 
terrorists  use.  “We  should  regard 
cyberterrorism  as  a  weapon  of 
mass  destruction,”  said  William 


Pelgrin,  chairman  of  the  Multi- 
state  Information  Sharing  and 
Analysis  Center  (MS-ISAC), 
which  he  coordinates  through 
the  New  York  State  Office  of 
Cyber  Security  &  Critical  Infra¬ 
structure  Coordination. 

The  system  will  be  very  specif¬ 
ic,  Pelgrin  said. “If  we  went  to  yel¬ 
low,  it  would  tell  you  why  and 
what  you  need  to  do  right  now.  It 
might  be:  Block  Port  445  until  a 
patch  comes  out.” 

MS-ISAC  has  been  developing 
for  more  than  a  year  and  already 
has  helped  out  member  states. 
During  last  August’s  week  of 
worm  outbreaks,  Arkansas  sought 
and  received  help  to  restore  its 
affected  network  segments,  said 
Claire  Bailey  the  director  of  the 
states  department  of  information 
systems. 

MS-ISAC  is  an  informal  group 
set  up  at  the  request  of  the 
Department  of  Homeland  Se¬ 
curity  (DHS)  to  gather  and  share 
data  about  critical  state  govern¬ 
ment  networks  with  the  goal  of 
See  NASTD,  page  48 


American  ITIL:  Best  practices  win  converts 

IT  spending  by  tens  of  millions  of  are  only  now  turning  to  ITIL, 
dollars  and  boost  IT  service  largely  in  response  to  corporate 
delivery  But  many  more  outfits  See  ITIL,  page  14 


year  was  2002,  and  the  setting  was  AT&T’s  corpo¬ 
rate  headquarters  in  Bedminster.N.J.On  what  one 
executive  described  as  being  a  beautiful  day  for  a 
ceremony, outgoing  CEO  C.  Michael  Armstrong  and  then 
CEO-designate  Dave  Dorman  gave  speeches  and 
dozens  of  employees  and  dignitaries  turned  out 
to  pay  their  respects. 

“It  was  a  very  meaningful  day?’  recounts 
Steve  Brazzell,  vice  president  of  corporate  ser¬ 
vices  at  AT&T. 

All  for  a  40-ton  statue 
called  Golden  Boy 
Today,  as  the  carrier 
reshapes  itself  in  the  face 
brutal  competition  — 
ntly  shook  up  the 
Boy,  page  49 


Golden  Boy  in  all  his 
glory  465  feet  atop 
AT&T's  old  head 
quarters  on 
Broadway  in 
Manhattan. 
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The  information  is  there, 
but  can  you  find  it? 

Today  one  of  the  great  challenges  facing  IT  is  the 
ability  to  manage  staggering  amounts  of  information. 
Which  is  why  we  created  HP  StorageWorks  Reference 
Information  Storage  System  (RISS),  a  powerful  new 
solution  capable  of  organizing,  archiving  and  securely 
storing  information  so  it  can  be  found  and  retrieved 
quickly.  HP  RISS  reduces  the  cost  and  complexity  of 
your  network  and  ensures  when  you  have  all  your 
information  at  your  fingertips,  change  comes  easy. 
www.hp.com/info/storageworks_ilm 
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Network  Security.  Enterprise  Security.  Mental  Security 

Have  it  all  with  VeriSign  Security  Services. 
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Ironclad  protection  for  your  infrastructure  with  a  full  suite  of  security  solutions. 

Effective  security  isn’t  about  reacting  to  attacks.  It’s  about  anticipating  them  and  correcting 
weaknesses  before  they’re  exploited.  How?  With  VeriSign  Intelligence  and  Control  Services. 
By  applying  the  highest  level  of  expertise,  technology,  infrastructure  and  intelligence,  they 
give  you  complete  confidence  to  address  your  every  business  issue.  And  in  an  environment 
where  mental  security  is  at  a  premium,  VeriSign  delivers  a  sanity-saving  approach  to 
commerce  and  email  security,  consulting,  authentication  and  managed  security  services. 


- . . . . 

ifiQre information  regarding  VeriSign  Security  Services, 

...Visit  www.verisign.com/secunty 


O  ?G04  VeriSign.  Inc.  All  rights  reserved  V&nSign.  the  VeriSign  logo,  “Security  Sets  You  Free.''  anti  other  trademark.  imrvice  mark., 
and  togot;  are  regpitnrerj  pr  unregistered  trademarks  of  VeriSign  and  its  subSK  tomes  in  the  United  State.*  ukI  in  ty® tjn  country-. 
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News 

■  10  Tool  leads  Microsoft  management  investment. 

■  10  Hitachi  to  unveil  high-end  storage  array. 

■  12  Cisco,  Microsoft  target  SMBs  with  VoIP,  CRM  products. 

■  12  Aruba  rethinks  WLAN  setups. 

■  14  Thinking  of  giving  ITIL  a  shot?  Heed  this  advice  from  IT  managers 

and  consultants  experienced  with  the  framework. 

■  16  Full  exposure:  How  Kodak  converged  its  network. 

■  17  FrontBridge  service  secures  e-mail. 

■  17  Radware  upgrades  data  center  switches. 

■  17  Juniper  tackles  remote  access  security. 

■  48  IBM  revels  in  Web  hosting  appeal. 


Infrastructure 

■  19  U.K.  firm  chooses  brains 
over  brawn. 

■  19  IBM,  EMC  roll  out  midrange 
NAS  devices. 

■  20  Kevin  Tolly:  Windows  XP: 
'Lite'  at  the  end  of  the  tunnel. 

Enterprise 

Applications 

■  21  HP  exec  targets  security 
priorities. 

■  21  Cast  Iron  device  gets 
security,  file  handling  boost. 

■  22  Scott  Bradner:  Can 

anyone  down  there  spell  consumer? 

Service  Providers 

■  25  Nextel  tests  wireless 
broadband  waters. 

■  25  WilTel  and  VeriSign  team  on 
security  services. 

■  26  Carriers  say  regulation  would 
stifle  VoIP. 

■  26  NTT  DoCoMo  branches  out 
with  3G  device. 

■  26  Johna  Till  Johnson: 

Good  riddance  to  a  bad  crew. 


NetWorker 

■  28  Adventures  in  teleworker 
notebooks. 

Technology 

Update 

■  29  Generic  exploit  blocking  stops 
infections. 

■  29  Steve  Blass:  Ask  Dr. 

Internet. 

■  30  Mark  Gibbs:  Tie  'em  up 

and  lock  'em  down. 

■  30  Keith  Shaw:  VoIP  invades 
the  home  network. 

Opinions 

■  32  On  technology:  Net 

needs  to  take  a  bite  out  of 
cybercrime. 

■  33  Shel  Israel:  From  cargo 
port  to  digital  hub. 

■  33  Frank  Dzubeck:  SOA  is 

worth  network  redesign. 

■  50  BackSpin:  Market  factors 
meet  medical  gear,  upgrades. 

■  50  Layer  8:  IE  haters  unite: 
DNA  algorithm  fights  spam:  the 
ultimate  in  geek  bling:  and  more. 

■  44  Career  classifieds. 


Management 

Strategies 
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Features 


My  oh  MIMO:  New  wireless  technology 
that  uses  multiple  transmitters  and  receivers 
could  bring  wireless  LANs  to  the  next  level. 

Page  35. 


Mano  a  mono:  One  IT  consultant's 
battle  against  the  Microsoft  monoculture. 

Page  37. 


Belkin  is  scheduled  to  ship  the  first  pre-standard  802.11 
access  points  and  PC  cards,  both  based  on  Airgo's  MIMO 
chipset,  in  October. 
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RSS  feeds 

Keep  up  with  Network  World  Fusion's  breaking  news,  columnists, 
reviews  and  in-depth  feature  articles  in  a  desktop  aggregator  —  or 
offer  headlines  to  your  Web  site's  visitors.  DocFinder:  3652 

Case  studies 

Learn  best  practices  from  your  peers  to  make  the  most  of  technology, 
save  money  and  streamline  your  business.  DocFinder:  3657 


The  Wireless  Wizards 

Gan  we  extend  range  with  repeaters? 

The  Wizards  help  a  reader  who  asks:  “Can  you  extend  the 
range  of  802.11  networks  using  wireless  repeaters?  I  have 
an  application  where  I  need  mobile  coverage  in  a  large  park¬ 
ing  lot  of  trucks.  Rather  than  hard  wired  access  points,  can 
you  use  multiple  wireless  repeaters  to  extend  the  range  back 
to  a  central  base  station?" 

DocFinder:  3653 


Network  World  Fusion  Radio 

Get  the  inside  scoop  on  hot  technology  issues,  such  as  inexpensive 
servers,  Windows  XP  Service  Pack  2  advice,  network  security  design 
and  more.  Stream  the  sessions  to  your  desktop  or  download  them  as 
MP3s  for  later  use.  DocFinder:  3439 

You've  Got  the  Power  Survey 

Spread  your  influence  by  casting  your  votes  in  this  first-of-its-kind 
survey  gauging  crucial  questions  of  industry  power,  from  executive 
hairstyles  to  comedic  appeal.  DocFinder:  3236 

Seminars  and  Events 


Weekly  Webcast  Newsletter 

Our  weekly  newsletter  delivers  information  on  Webcasts  on  Network 
World  Fusion  —  your  24-7  source  for  solutions  and  strategies, 
with  links,  resources  and  answers  you  need.  Covering  topics  such 
as  security,  applications  and  wireless,  our  Webcasts  are  focused, 
single-topic  briefings  from  technology  experts. 

DocFinder:  2542 
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Telework  Beat 

Telework  Coalition's  next  steps 
Net.Worker  Managing  Editor  Toni  Kistner  says  certification 
programs,  membership  forums,  safety  and  ergonomics  are 
top  priorities  for  2005. 

DocFinder:  3654 

Small-Business  Tech 

Straight  talk  about  data  security 

Columnist  James  Gaskin  shows  you  how  one  small-business¬ 
woman  with  high  security  requirements  secures  her  data. 

DocFinder:  3655 

HomeLAN  Adventures 

Highs  and  lows  with  Apple's  AirPort  Express,  Part  2 
Columnist  Keith  Shaw  looks  at  AirPort  Express'  inability  to 
play  nicely  with  WEP. 

DocFinder:  3656 


Breaking  News 

Go  online  for  breaking  news  every  day.  DocFinder:  6342 

Free  e-mail  newsletters 

Sign  up  for  any  of  more  tnan  40  newsletters  on  key  network  topics. 

DocFinder:  6343 

What  Is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 


The  new  stud  on  the  server  farm. 


Presenting  the  new  Xserve*  G5,  a  wickedly  fast, 
extremely  compatible  and  refreshingly  affordable  1U 
server  from  Apple: 

With  dual  2GHz  64-bit  G5  processors,  it  achieves  blazing 
speeds  of  up  to  30  gigaflops.  It's  so  powerful,  in  fact,  that 
the  U.S.  government  is  deploying*  1 ,566  Xserve  G5  servers  to 
create  one  of  the  world's  fastest  supercomputers,  capable  of 
up  to  25  trillion  calculations  per  second. 

And  it  comes  complete  with  Mac  OS’  X  Server,  Apple's 
UNIX-based  operating  system  that  provides  a  complete  suite 
of  standards-based  network  services  with  no  per-client  fees. 
So  whether  you  have  Mac5,  Windows,  UNIX  or  Linux  clients, 
Xserve  is  ideal  for  cross-platform  file  sharing,  hosting 
dynamic  websites,  streaming  audio  and  video  and  running 
powerful  J2EE  applications  -  right  out  of  the  box. 

Of  course,  its  most  impressive  feature  may  be  its 
price,  starting  at  just  $2,999!  The  new  Xserve  G5. 


TM  and  62004  Apple  Computer,  Inc.  All  rights  reserved.  'Order  purchased  through  COLSA  Corp.  'SRP  For  more  info,  call  1 -800- MY  APPLE  or  visit  vrww.apple.com/xserve. 
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Not  a  good  week  to  be  a  cybercriminal,  Part  1 

■  Federal  law  enforcement  officials  last  week  concluded  an  oper¬ 
ation  that  netted  103  arrests  and  53  convictions  involving  a  series  of 
cybercrimes  that  targeted  150,000  victims.  Operation  Web  Snare, 
which  began  June  1,  wrapped  up  with  several  arrests  across  the 
country  Department  of  Justice  officials  said  victims  lost  more  than 
$215  million. They  added  that  there  were  160  investigations  of  the 
various  schemes  aimed  at  350  subjects  resulting  in  117  criminal 
complaints  or  indictments  and  140  search  warrants.  Attorney 
General  John  Ashcroft  announced  the  results  of  the  initiative,  which 
he  said  was  targeted  at  a  variety  of  online  economic  crimes,  includ¬ 
ing  identity  theft,  fraud,  counterfeit  software,  computer  intrusions 
and  intellectual  property  theft. 

Not  a  good  week  to  be  a  cybercriminal,  Part  2 

■  Meanwhile,  U.S.  law  enforcement  agents  raided  five  homes  and  one  ISP  last  week  in 
what  the  Justice  Department  calls  the  first  federal  enforcement  action  against  piracy  on 
peer-to-peer  networks.  Agents  seized  computers,  software  and  computer  equipment  in  the 
searches,  which  took  place  in  Texas,  New  York  and  Wisconsin. The  action  targeted  illegal 
distribution  of  copyright-protected  movies,  software,  games  and  music  on  five  peer-to-peer 
networks  operated  by  a  group  known  as  The  Underground  Network,  the  Justice 
Department  said  in  a  statement.  No  charges  have  been  filed.  Although  this  is  the  first  time 
the  Justice  Department  is  taking  criminal  enforcement  action  involving  peer-to-peer  net¬ 
works  and  piracy  it  is  not  the  first  time  it  has  involved  itself  with  file  sharing  or  illegal  down¬ 
loads  online. 

The  veins  have  it 

■  Fujitsu  has  commercialized  a  biometric  security  system  based  on  vein-pattern  recog- 
nition.The  system  works  by  shining  a  near-infrared  light  on  a  palm  placed  about  four  cen¬ 
timeters  above  a  scanner. The  scanner  takes  a  snapshot  of  the  palm. The  vein  patterns  illu¬ 
minated  under  the  skin  become  the  basis  for  security  applications. The  information  can 
then  be  loaded  into  a  server  or  put  into  an  integrated  circuit  embedded  in  a  credit  card. 
The  company  has  received  orders  from  two  Japanese  banks,  one  of  which  already  uses 
the  technology.  While  iris-recognition  technology  is  probably  more  secure  than  vein-pat¬ 
tern  identification,  few  ordinary  bank  customers  want  a  retinal  scan  each  time  they  with¬ 
drew  money  Fujitsu  says.  Fingerprint  scanners  are  small  and  convenient,  but  their  use  by 
hundreds  of  people  raises  hygiene  issues. 

Cisco  sends  out  flaw  warning 

■  Cisco  has  warned  customers  about  security  holes  in  two  products  that  provide  user 
authentication  and  authorization  services  for  network  devices  such  as  firewalls  and 

COMPENDIUM 

Free  Wi-Fi  almost  leads  to  arrest 

What  happens  when  you  sit  outside  your  local  library  with  a  Wi-Fi  enabled  laptop?  If 
you're  one  unlucky  guy,  a  cop  comes  by  and  demands  you  stop  “stealing"  with  Wi-Fi. 

Read  the  whole  account  and  get  plenty  of  stuff  you  have  to  see  every  day, 
even  Monday,  in  Compendium,  www.nwfusion.com,  DocFinder:  3658. 
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TheGood  11  Bad  Ik  Ugly 


<g>  Cheers  for  Michigan.  Who  says  California  and  Massachusetts  are 
the  nation’s  high-tech  hotbeds?  Not  the  Center  for  Digital  Government,  which  in  its 
newly  released  Digital  States  Survey  found  Michigan  to  be  tops  among  states  for 
its  best  practices,  policies  and  progress  made  in  using  digital  technologies  to  serve 
citizens  and  streamline  operations. 


Jeers  for  Philly.  In  handing  out  its  first  annual  IM  Awards,  AOL  last  week 
gave  Philadelphia  its  Water  Cooler  Award  in  honor  of  the  city's  instant-messaging 
users  being  most  likely  to  gossip  or  complain  about  both  their  co-workers  and  their 
boss  via  IM. 

Sour  notes.  R&B  superstar  Usher 
has  released  his  5-minute  ode  to  genin' 
down,  “Dot  Com,"  complete  with  truly  terrible 
lyrics  such  as:  "Oooo  I  need  your  backspace 
in  my  life.  Thank  God  you  don't  have  a 
flatscreen"  and  “With  you  I  get  to  use  my 
F  keys.  I  can't  wait  to  give  you  megabytes. 

I  got  other  memory  you  need.”  > 


routers.The  company  issued  a  security  advisory  last  week  identifying  “multiple  denialof- 
service  and  authentication  related  vulnerabilities”  in  two  products:  the  Cisco  Secure 
Access  Control  Server  for  Windows  (Windows  ACS)  and  Cisco  Secure  Access  Control 
Server  Solution  Engine  (Secure  ACS). The  vulnerabilities  could  let  attackers  or  malicious 
users  crash  the  ACS  products  or  gain  unauthorized  access  to  network  devices,  Cisco  said. 
ACS  products  centralize  user  identity  management  for  other  Cisco  products  and  man¬ 
agement  applications,  which  lets  administrators  manage  and  enforce  network  access 
policies.  Cisco  recommended  that  customers  with  service  contracts  bbtain  the  updates 
using  the  Cisco  Product  Upgrade  Tool  or  by  contacting  the  company’s  Technical 
Assistance  Center. 

A  little  wireless  freedom 

■  Customers  of  Sprint  and  SBC  will  be  able  to  use  both  companies’  wireless  Internet  con¬ 
nections  with  less  hassle  under  a  mutual  deal  announced  last  week.  The  agreement  lets 
SBC  customers  use  Sprint’s  Wi-Fi  hot  spots  and  vice  versa.  Instead  of  having  several  differ¬ 
ent  accounts,  users  can  roam  on  other  hot  spots  covered  through  the  reciprocal  arrange¬ 
ments,  and  carriers  handle  the  billing,  Sprint  says.  Sprint  also  has  a  reciprocal  agreement 
with  AT&T  Wireless. 

Longhorn  gets  shorn 

■  Microsoft  last  week  made  dramatic  cuts  to  its  plans  for  the  Longhorn  client  operating 
system,  slicing  out  the  storage  sub-system  called  WinFS  and  saying  it  would  be  in  beta 
when  Longhorn  is  released. The  company  said  Longhorn  would  focus  on  “performance, 
security  and  reliability’ The  shift  makes  Longhorn  more  of  an  evolutionary  release  than 
the  computing  revolution  Microsoft  had  touted.  Microsoft  also  committed  to  2006  as  the 
Longhorn  client  delivery  date.The  server  will  come  in  2007.  WinFS,  which  Microsoft  Chief 
Software  Architect  Bill  Gates  called  his  Holy  Grail,  was  a  pillar  technology  in  Longhorn  for 
universal  search.  Microsoft  said  two  other  pillars,  the  Avalon  presentation  sub-system  and 
Indigo  Web  services  middleware,  would  be  made  available  in  2006. 


I.T.  DEPARTMENTS 
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Windows  management  plan  taking  shape 


■  BY  JOHN  FONTANA 

Microsoft  last  week  took  its  sec¬ 
ond  significant  step  on  its  road  to 
building  a  holistic  management 
platform  for  Windows  and  provid¬ 
ing  corporate  users  with  a  utility 
computing  platform. 

The  company  plans  a  number 
of  additional  steps  over  the  next 
24  months  leading  up  to  its 
Longhorn  family  of  products, 
expected  to  debut  in  2007. 

Last  week,  Microsoft  completed 
work  on  Microsoft  Operations 
Manager  (MOM)  2005  software 
and  said  it  will  ship  Oct.  1.  The 
monitoring  and  performance  tool 
is  significant  because  it  gives 
users  a  means  to  troubleshoot  the 
parts  and  services  of  the  Windows 
Server  System,  a  collection  of  18 
servers. 

Overall,  MOM  2005  represents 
Microsoft’s  next  major  step 
toward  its  Dynamic  Systems 
Initiative  (DSI),  a  multi-stage  pro¬ 
ject  designed  to  create  a  platform 
to  support  a  self-managing  Win¬ 
dows  environment.  The  first  step 
was  taken  in  January  when 


System  Management  Server 
(SMS)  2003  was  released. 

“DSI  sounds  interesting  and 
makes  a  lot  of  sense  because 
Microsoft  should  not  just  be  sell¬ 
ing  a  box  but  a  whole  infrastruc¬ 
ture  that  makes  that  box  work  bet- 
ter(  says  Shai  Ofek,  North  Ameri¬ 
can  team  lead  for  the  global  dis¬ 
tributed  system  group  at  Sumi¬ 
tomo  Mitsui  Financial  Group  in 
New  York.“Whether  that  comes  to 
fruition  I  don’t  know” 

Doubt  is  the  byproduct  of  DSIs 
scope.  Last  year  alone,  Microsoft 
spent  $1.7  billion  in  research  and 
development  on  DSI  to  compete 
with  similar  utility  computing 
projects  underway  by  rivals 
such  as  HP,  IBM  and  Sun. 

“DSI  is  like  a  10-year  deal,” 
says  Mark  Ehr,  an  analyst  with 
Enterprise  Management 
Associates  in  Boulder,  Colo. 

“On  that  scale,  I  would  say 
they  are  about  20%  of  the  way 
there  now.  Maybe  IBM  and  HP 
are  40%  of  the  way  So  Microsoft  is 
behind  the  curve.” 

But  Microsoft  has  a  plan  over 
the  next  few  years  to  give  shape 


Dear  oP  MOM 

Microsoft  last  week  released  Microsoft  Operations 
Manager  2005,  which  eventually  will  become  part  of  a 
larger  platform  called  System  Center.  System  Center, 
which  is  slated  for  release  next  year,  lets  companies 
manage  desktops  and  servers  and  provide  a  centralized 
reporting  service. 
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MOM,  a  monitoring  and 
performance  tool,  and  SMS,  a 
client  management  and  software 
distribution  tool,  collect  data  from 
servers  and  desktops  respectively. 


MOM  and  SMS 
databases  feed 
information  to 
System  Center. 


User  at  System 
Center  reporting 
console  can  run 
any  number  of 
reports  on  data. 


to  DSI  and  expose  its  critical  com¬ 
ponents,  such  as  the  System 
Definition  Model  (SDM). 

With  MOM  2005  finished,  the 


ball  is  rolling 

on  new  capabilities  that  relate  to 
DSI.  By  year-end,  Microsoft  plans 
to  ship  Feature  Pack  add-ons  to 
SMS  2003  that  let  users  create  and 


deploy  to  PCs  configurations  of 
the  Windows  operating  system 
and  to  manage  devices  such  as 
Windows  CE,  PocketPCs  and 
SmartPhones. 

In  mid-2005,  Microsoft  says  it 
will  add  to  the  DSI  lineup  with 
Visual  Studio  2005  and  System 
Center  2005,  a  suite  that  includes 
MOM  2005,  SMS  2003  and  a  tech¬ 
nology  to  analyze  data  called 
Reporting  Services. 

Visual  Studio  2005  will  intro¬ 
duce  developers  to  SDM,  an  XML- 
based  technology  developers  use 
to  provide  applications  with  the 
intelligence  to  communicate 
their  management  and  opera¬ 
tional  needs  to  the  network.  SDM 
will  be  fleshed  out  in  the  next 
version  of  Visual  Studio,  code- 
named  Orcas,  that  is  slated  to 
ship  in  2007  with  Longhorn. 

The  first  evidence  of  how 
SDM  will  work,  Microsoft  says,  is 
/  in  MOM  2005  and  its  Man¬ 
agement  Packs, add-ons  to  appli¬ 
cations  such  as  Exchange  and 
SQL  Server  that  monitor  the  inner 
workings  of  those  systems  and 
See  Microsoft,  page  49 


Hitachi  to  unveil  high-end  storage  array 


Storage  intelligence 

A  sampling  of  vendors  that  offer  or  promise  platforms 
that  support  replication  and  virtualization. 


Company 

Product 

Description 

Availability 

Brocade 

AP7420  Fibre 

Channel  switch 

Switch-based 

Now 

DataCore 

SanSymphony 

Server-based 

appliance 

Now 

EMC 

Storage  Router 

Switch-based 

In  2005 

FalconStor 

IPStor 

Server-based 

software 

Now 

Hitachi  Data 
Systems 

Universal  Storage 
Platform 

Array-controller 

based 

In  six  months 

HP 

Continuous  Access 
Storage  Appliance 

Server-based 

appliance 

Now 

IBM 

SAN  Volume 
Controller 

Switch-  or 
server-based 

Now 

Maranti 

CoreStor  Network 
Storage  Controller 

Switch-based 

Now 

Maxxan 

MXV500 

Switch-based 

Now 

McData 

Sphereon  4700i 

Switch-based 

In  2005 

■  BY  DENI  CONNOR 

Hitachi  Data  Systems  is  expect¬ 
ed  next  week  to  roll  out  a  high- 
end  storage  array  that  runs  long- 
promised  data  pooling  and  repli¬ 
cation  software  that  will  let  users 
support  multi-vendor  storage  sys¬ 
tems  from  one  interface. 

Universal  Storage  Platform, 
dubbed  Lightning  3,  is  set  to  be 
unveiled  at  an  event  in  New  York. 
The  company  declined  to  com¬ 
ment  on  its  plans. 

Virtualization, or  pooling  of  data 
on  arrays  from  different  vendors, 
has  been  a  desire  of  customers 
who  want  to  consolidate  their 
storage  platforms  and  manage 
them  together. 

While  David  Bratt,  technology 
architect  for  H.  Lee  Moffitt  Cancer 
Center  in  Tampa,  Fla.,  has  not  had 
a  chance  to  beta-test  the  new 
product,  he  is  interested  in  it 
because  it  would  solve  many  of 
his  daily  problems. 

“Virtualization  is  a  huge  advan¬ 
tage  for  me  for  management  pur¬ 
poses,  as  well  as  a  cost  savings, 
since  I  can  attach  more  servers 
through  a  single  Fibre  Channel 
port,”  says  Bratt,  who  manages  a 


heterogeneous  storage  environ¬ 
ment  with  a  Hitachi  9570V  and 
9910V,  direct-attached  SCSI  stor¬ 
age  and  IBM’s  proprietary  Serial 
Storage  Architecture  system. 

“Better  storage  utilization  is  also 
an  outcome,”  Bratt  says. 

Analysts  say  Universal  Storage 
Platform  will  have  several  mod¬ 
els,  and  will  include  virtualiza¬ 
tion  software  on  a  blade  in  a  stor¬ 
age  controller  and  have  the  capa¬ 
bility  to  replicate  information 
across  unlimited  distances  to  dis¬ 
similar  storage  arrays  for  disaster- 
recovery  purposes.  Hitachi  will 
be  the  first  major  vendor  to  inte¬ 
grate  heterogeneous  rather  than 
homogeneous  virtualization  and 
replication  features  onto  a  stor¬ 
age  controller. 

“The  box  is  an  uber-array  with 
significant  amounts  of  cache  and 
performance,"  says  an  analyst 
who  asked  not  to  be  identified. 
“Not  only  will  the  Hitachi  array  be 
able  to  pool  data  from  a  variety  of 
sources  but  it  will  be  able  to  use  a 
single  replication  and  manage¬ 
ment  technology  to  move  data 
between  different  arrays.” 

The  array,  which  will  scale  into 
the  multi-petabyte  range,  will  sup¬ 


port  Fibre  Channel,  IBM’s  main¬ 
frame  connectivity  ESCON/ 
FICON  technologies  and  iSCSI, 
which  lets  users  attach  storage- 
area  networks  (SAN)  to  an 


Ethernet  network.  The  array  is 
expected  to  combine  network- 
attached  and  SAN  data  into  one 
virtualized  storage  pool. 

Analysts  say  the  Hitachi  an¬ 


nouncement  could  give  the  com¬ 
pany  an  important  tool  to  battle 
competitors.  According  to  Gar¬ 
tner,  Hitachi  external  controller- 
based  storage  accounts  for  about 
8%  of  the  market,  trailing  EMC, 
which  has  a  21%  market  share, 
and  HP  which  has  almost  19%. 
The  product  also  addresses  the 
need  for  a  heterogeneous  storage 
virtualization  strategy. 

“Vendors  have  done  a  disser¬ 
vice  to  the  industry  —  we’ve  had 
vendors  trying  to  misconstrue 
basic  [logical  unit]  and  volume 
management  as  virtualization,” 
says  Stephanie  Balaouras,  senior 
analyst  for  The  Yankee  Group. 
“But  true  heterogeneous  systems 
integration  and  the  virtualization 
of  replication  and  back-up  tech¬ 
nologies  hasn’t  been  there.” 

The  Universal  Storage  Platform 
also  will  incorporate  different 
classes  of  storage,  such  as  Fibre 
Channel  and  Serial  ATA,  from  dif¬ 
ferent  vendors  to  accommodate 
the  ability  to  place  storage  on  the 
appropriate  media  for  informa¬ 
tion  life-cycle  management. 

This  capability  will  let  Hitachi 
“provision  multiple  classes  of 
See  Hitachi,  page  49 


Unleashes  Your 


The  new  Distributed  Wireless  Solution  from  SonicWALL-a  unique  answer  to  your  network's 
most  pressing  mobility  and  productivity  needs. 

Your  employees  want  to  work. ..everywhere.  You  know  wireless  is  the  answer,  but  what  about  those  nagging  security  concerns?  And  the  headaches 
associated  with  managing  separate  wired  and  wireless  infrastructures? 


Finally,  a  proven  network  security  firm  has  delivered  the  ultimate  wireless  LAN  platform.  Built  upon  its  award-winning  line  of  PRO  series  appliances,  the 
unique  Distributed  Wireless  Solution  from  SonicWALL®  integrates  secure  wireless  functionality  with  a  deep  packet  inspection  firewall,  IPSec  VPN,  content 
filtering,  intrusion  prevention,  gateway-enforced  anti-virus  protection  and  end  point  security.  Using  the  new  multi-radio,  centrally-managed  SonicPoint™ 
802.1 1  a/b/g  satellite  access  points,  you  can  enjoy  powerful  features  such  as  Wireless  Guest  Services  and  secure  wireless  roaming  throughout  your  facility. 
And  whether  you  add  two  or  100  SonicPoints,  it's  all  managed  securely  and  seamlessly  by  the  SonicWALL  security  appliance. 


Give  your  employees  the  heady  feeling  of  freedom.  With  SonicWALL's  ingenious  wireless  security  solutions,  you  can  unleash  your 
workforce  without  sacrificing  security. 

The  SonicWALL  Distributed  Wireless  Solution.  Wired  or  wireless,  it's  all  the  same.  Get  to  work. 

To  learn  more  about  SonicWALL's  Distributed  Wireless  Solution  and  set  your  workforce  free,  contact  one  of  the  resellers  below 
or  visit  www.sonicwall.com/home/reseller.asp  to  find  a  SonicWALL  reseller  near  you. 
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Cisco,  Microsoft  offer  VolP/CRM  package 


a  BY  ANN  BEDNARZ 

Small  and  midsize  businesses 
often  lack  the  IT  skills  and  bud¬ 
get  to  build  sophisticated  call 
center  setups  that  link  customer 
information  stored  in  CRM  appli¬ 
cations  with  IP  telephony  sys¬ 
tems.  Cisco,  working  in  partner¬ 
ship  with  Microsoft,  aims  to 
change  that. 

The  network  vendor  last  week 
announced  software  designed  to 
more  easily  integrate  its  IP-based 
communications  products  with 
Microsoft’s  CRM  software.  Cisco’s 
CRM  Communications  Con¬ 
nector  is  not  something  corpo¬ 
rate  customers  will  purchase. 
Rather,  it’s  available  at  no  cost  to 
channel  partners  that  sell 
CallManager  Express,  Cisco’s  IP 
telephony  platform  for  SMBs. 

The  purpose  of  the  new  soft¬ 
ware  is  to  simplify  the  effort  it 
takes  to  make  the  vendors’  prod¬ 
ucts  work  together,  says  Peter 
Alexander,  vice  president  of 
Ciscos  commercial  market  seg¬ 
ment.  The  vendors’  coordinated 
development  efforts  should 
make  it  easier  for  resellers  to  set 
up  these  systems  and  therefore 
less  expensive  for  businesses 
without  the  in-house  expertise  to 
implement  the  integrated  sys¬ 
tems,  he  says. 

Few  SMBs  use  CRM,  partly 
because  the  software  from  major 
CRM  vendors  is  too  expensive 
and  complex  for  them,  accord¬ 
ing  to  Helen  Chan,  an  analyst  at 
The  Yankee  Group. 

Those  that  have  gone  all  the 
way  to  integrating  CRM  with  an 
IP  telephony  system  have  had  to 
rely  on  a  system  integrator  that 


Corrections 


■  In  the  story  "Oracle's  take  on 
|  enterprise  collaboration  im- 
|  presses"  (Aug.  23,  page  65),  we 
said  the  purchase  price  includes 
I  Oracle  engineers  coming  to  your 
|  site  and  doing  the  installation, 

|  and  helping  customers  get  up 
:  running  quickly.  Oracle  does  offer 
i  its  Collaboration  Suite  Accelerator 
|  Service,  a  separately  priced  ser- 
|  vice  that  helps  customers  imple- 
%  ment  the  suite  in  15  days.  The 
|  Oracle  Collaboration  Suite  is  also 
%  offered  as  an  outsourced  ser¬ 
if  vice,  but  these  are  not  included 
i  f  in  the  license  price. 


created  its  own  software  —  a 
lengthy  and  expensive  process, 
she  says. 

“To  get  this  to  work  before,  it 
required  someone  to  sit  down 
and  write  a  custom  application, 
and  all  that  technology  is  propri¬ 
etary”  Chan  says.  As  a  result,  for 
updates  or  additions  to  the  sys¬ 
tem, “you’re  always  going  back  to 
that  same  partner.” 

Used  together,  Cisco’s  VoIP  gear 
and  Microsoft’s  CRM  software 
allow  for  features  such  as  screen 
pops,  wherein  customer  informa¬ 
tion  stored  in  the  CRM  applica¬ 
tion  automatically  pops  up  on 
the  user’s  screen  as  the  call 
comes  in. 

A  click-to-dial  feature  lets  users 


■  BY  JOHN  COX 

Aruba  Wireless  Networks  is 
unveiling  products  it  says  will 
turn  enterprise  wireless  LAN 
costs  inside  out. 

Highlighting  the  company’s 
new  Wireless  Grid  are  stream¬ 
lined  802.1  la/b/g  access  points 
that  plug  into  an  Ethernet  wall 
outlet  or  become  part  of  a  struc¬ 
tured  cable  deployment  as  com¬ 
bined  access  point/wall  jack. 

Also  included  is  a  switch, 
dubbed  the  5 100,  that  can  take  a 
second  processing  board  to  han¬ 
dle  up  to  3.6G  bit/sec  throughput 
for  encrypted  traffic.  Switch  soft¬ 
ware  automates  the  ability  for 
access  points  to  handle  different 
services,  such  as  only  802.11a 
traffic,  or  radio  frequency  moni¬ 
toring  or  location  tracking. 

To  set  up  the  grid,  an  Aruba  AP 
60  or  61  access  point  is  plugged 
into  a  standard  Ethernet  wall 
jack. 

The  Model  60  has  a  detachable 
antenna  that  can  be  replaced 
with  a  higher-gain  or  directional 
antenna;  the  Model  61  has  a 
built-in  antenna.  Both  models 
use  the  Atheros  802. 11a/ 
b/g  chipset  and  can  transmit  on 
2.4-GHz  or  5-GHz  radio  bands. 
The  devices  are  loaded  with 
client  code  to  register  and  com¬ 
municate  with  the  new  Aruba 
switch. 

Aruba  says  the  setup  elimi¬ 
nates  the  high  cost  of  wiring  and 
installing  access  points  in  the 
spaces  above  hanging  ceilings 


launch  calls  from  Microsoft  CRM 
contact  records.  The  integrated 
systems  also  enable  call  track¬ 
ing,  for  monitoring  call  duration; 
and  information  capture,  for 
keeping  track  of  incoming  and 
outgoing  call  numbers. 

The  Communications  Connec¬ 
tor  runs  on  a  server  along  with 
Microsoft’s  CRM  software  and 
requires  client  software  to  be 
installed  on  each  desktop.  It 
communicates  with  Cisco’s 
router-based  CallManager  Ex¬ 
press  software. 

No  additional  hardware  is 
required,  and  employees  answer¬ 
ing  IP  phone  calls  can  be  lo¬ 
cated  anywhere  network  access 
is  available,  Alexander  notes. 


typically  found  in  enterprise 
sites  (installation  charges  com¬ 
monly  range  from  a  few  hundred 
dollars  to  as  much  as  $1,000  per 
access  point).  Aruba  now  will 
charge  a  yearly  fee  of  $200  to 
cover  each  access  point  and  its 
software  and  maintenance, 
whereas  in  the  past,  the  vendor 
charged  separately  for  each. 

Company  officials  say  the  pric¬ 
ing  model  will  let  customers  bet¬ 
ter  afford  WLANs  optimized  for 


“Because  it’s  over  an  IP  network, 
a  user  could  be  at  home  as  a 
telecommuter  doing  this  or  in  a 
hotel  room  over  a  VPN  doing 
this.You  can  be  anywhere  on  net¬ 
work  and  have  CRM  capabilities 
with  IP  telephony,”  Alexander 
says. 

The  availability  of  Cisco’s  CRM 
Communications  Connector 
software  follows  plans  an¬ 
nounced  in  February  by  long¬ 
time  partners  Microsoft  and 
Cisco  to  jointly  go  after  SMBs.  But 
the  Cisco-Microsoft  partnership 
is  not  an  exclusive  arrangement 
—  Microsoft  also  is  a  CRM  part¬ 
ner  of  Cisco  competitor  Avaya. 
Siemens,  NEC  and  Altigen,  too, 
offer  integration  between  their 


maximum  performance:  lots  of 
Aruba  access  points  that  can  be 
quickly  and  easily  installed,  with 
automatic  adjustments  to  main¬ 
tain  high-bandwidth  connec¬ 
tions  and  minimize  interference. 

“Access  point  prices  have 
fallen,  [but]  labor  costs  have 
continued  to  rise,”  says  Craig 
Mathias,  principal  for  Farpoint 
Group.  “So  why  not  just  plug 
[access  points]  into  the  wall?” 

Mathias  says  the  Wireless  Grid 


telephony  products  and  Micro¬ 
soft’s  CRM  software,  says  Brian 
Riggs,  a  principal  analyst  at 
Current  Analysis. 

Microsoft  is  emerging  as  a  key 
player  in  the  CRM  applications 
market.  So  far  its  software  is 
aimed  at  SMBs,  but  industry 
watchers  expect  the  software 
giant  to  target  larger  enterprise 
customers  over  time. 

Cisco  needed  a  CRM  partner  to 
keep  up  with  its  competition, 
Riggs  says.“CRM  was  definitely  a 
gap  in  Ciscos  telephony  strat¬ 
egy;’  he  says. 

IDG  News  Service  correspon¬ 
dent  Stephen  Lawson  con¬ 
tributed  to  this  story. 


is  not  a  new  architecture  in  that 
it  still  relies  on  access  points,  but 
he  says  it  should  let  customers 
deploy  more  of  the  devices 
where  needed. 

Two  existing  Aruba  customers 
are  intrigued. 

“The  main  benefit  of  the  grid  is 
the  [higher]  capacity  and  the 
affordability  that  makes  that  pos¬ 
sible,”  says  Chris  Price,  informa¬ 
tion  facilities  technician  at  Olivet 
Nazarene  University  in  Bour- 
bonais,  Ill.  “We  could  create  a 
grid  with  existing  access  points 
but  we’d  pay  a  lot  more  to  do 
that.” 

Big  auditoriums  could  have 
hundreds  or  even  thousands  of 
students  with  wireless  laptops. 
“With  the  grid,  we  can  put  in  a  lot 
more  access  points  and  they  can 
self-calibrate,”  Price  says. 

Sharp  Healthcare,  a  San  Diego 
hospital  group,  might  add  the 
new  access  points  for  use  as  RF 
monitors  so  it  doesn’t  have  to 
dedicate  more-expensive  access 
points  or  deploy  an  entirely  sep¬ 
arate  monitoring  system.  The 
grid  devices  also  can  be  used  as 
needed  for  additional  capacity 
or  for  802.11a  users,  says  Gary 
Jenkins, senior  network  engineer 
for  Sharp. 

The  Wireless  Grid  base  system, 
including  the  $16,000  Model 
5100  switches  available  now. Still 
in  the  works  is  the  integrated 
access  point  and  wall  plate, 
which  Aruba  is  building  with 
structured  cabling  vendor 
Ortronics.  ■ 


Aruba  rethinks  WLAN  setups 

Wireless  Grid  features  new  802.11a/b/g-based  switch  and  access  points. 


New  look  WLAN 

Aruba  says  its  new  Wireless  Grid  products  let  customers 
build  WLANs  by  plugging  access  points  into  standard 
Ethernet  wall  jacks  and  later  installing  combined  access 
point/wall  jacks.  The  company  says  this  is  easier  and  less 
expensive  than  wiring  and  installing  access  points  in 
ceilings,  as  is  now  typically  the  case. 
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ITIL 

continued  from  page  1 

demands  to  do  more  with  smaller 
staffs  and  stingy  capital  budgets. 

The  framework  consists  of  a  set 
of  books  (also  available  on  CDs) 
that  outline  in  great  detail  the 
steps  needed  to  perform  inci¬ 
dent,  change,  configuration  and 
problem  management,  and  about 
a  dozen  other  IT  disciplines.  ITIL 
helps  network  managers  set 
processes  and  better  document 
IT  actions  for  future  audits,  such 
as  those  related  to  new  govern¬ 
ment  compliance  rules. 

The  organization  overseeing 
ITIL,  the  IT  Service  Management 
Forum,  reports  that  the  number  of 
individual  U.S.  members  in  its 
ranks  has  almost  tripled  over  the 
past  three  years,  from  550  to 
roughly  l,600.SeparatelyU.K. pub¬ 
lisher  The  Stationery  Office,  which 
sells  the  framework  through  mul¬ 
tiple  distribution  channels,  re¬ 
ports  that  about  one-third  of  ITIL- 
related  traffic  on  its  Web  site 
comes  from  the  U.S.  And  industry 
watchers  expect  growth  to  con¬ 
tinue:  Forrester  Research  predicts 
that  “2005  will  be  the  year  when 
ITIL  goes  mainstream.” 

Now  close  to  15  years  old,  ITIL 
originated  with  the  British  gov¬ 
ernment,  which  initially  had  the 
primary  responsibility  of  advanc¬ 
ing  and  improving  on  the  set  of 
rules  for  how  to  deliver  IT  ser¬ 
vices  more  efficiently  across  de¬ 
partments.  But  control  over  ITIL 
has  become  more  distributed, 
with  the  IT  Service  Management 
Forum  reporting  20  cities  in  the 
U.S.  have  their  own  local  interest 
groups  now. 

Observers  also  credit  technol¬ 
ogy  vendors  with  bringing  ITIL  to 
life  in  the  U.S. 

“Big  vendors  like  Computer 
Associates  and  HP  are  talking 
about  it  at  their  user  shows,”  says 
Brian  Johnson,  director  of  prod¬ 
uct  management  at  Pink  Ele¬ 
phant,  an  ITIL  consultancy  in 
Burlington,  Ontario. 

Vendors  such  as  BMC  Software, 
IBM  and  Micromuse  also  have 
gone  to  great  lengths  in  the  past 
year  to  detail  how  their  manage¬ 
ment  software  supports  ITIL 
tenets. 

Market  research  firms  also  are 
talking  up  ITIL.  Gartner  says  fully 
adopting  an  IT  service  manage¬ 
ment  strategy  can  cut  an  organi¬ 
zation's  cost  of  IT  ownership  by 
about  50%.  Forrester  says  until 
recently  U.S.  companies  were  try¬ 
ing  to  define  for  themselves  what 
ITIL  was,  but  with  more  vendor 
direction  the  best  practices  sys¬ 
tem  is  becoming  clearer  to  them. 


“Implementations  will  be  tightly 
connected  to  the  infrastructure 
management  tools  that  compa¬ 
nies  use,  as  these  tools  contain 
more  and  more  ITIL  best  prac¬ 
tices  out  of  the  box,”  a  Forrester 
report  says. 

ITIL  stands  to  become  more 


valuable  as  more  vendors  start 
using  similar  terminology  and 
reporting  methods  in  their  prod¬ 
ucts.  For  example,  the  ITIL  frame¬ 
work  includes  details  on  how  IT 
staff  should  request  and  docu¬ 
ment  making  a  change,  say  to  a 
network  router. 

Still,  vendors  don’t  undergo  any 
real  ITIL  certification,  Johnson 
warns.  Also,  vendor-agnostic  ITIL 
information  is  available  free  on¬ 
line  at  numerous  user  Web  sites 
tracking  the  framework,  and  com¬ 
plete  ITIL  documentation  can  be 
purchased  from  organizations 
that  support  the  best  practices 
standard. 

Embracing  ITIL 

For  Mark  Bradley,  senior  appli¬ 
cations  development  analyst  at 
Zurich  Life,  a  business  unit  of 
Bank  One  in  Schaumburg,  111.,  the 
combination  of  technology  and 
best  practices  included  in  Pere¬ 
grine  Systems  Service  Center 
aligned  with  the  ITIL  processes 
his  Swiss-based  company  wanted 
to  see  at  its  U.S.  offices.  In  the  late 
1990s,  he  says  Zurich  Life  man¬ 
agement  started  to  put  the  pres¬ 
sure  on  American  IT  staff  to  fol¬ 
low  a  set  of  policies  and  proce¬ 
dures  to  guarantee  better  IT  ser¬ 
vice  delivery 

“We  had  so  many  separate  poli¬ 
cies  and  processes  in  place  that 
we  really  were  stepping  all  over 
each  other  to  get  things  done,” 
Bradley  says.  “We  were  forced  to 
stop,  slow  down  and  take  a  look 
at  how  we  did  things.” 

Using  the  guidelines  for  inci¬ 
dent  and  problem  management, 
Bradley  says  his  organization  is 
working  to  get  ITIL  change  man- 
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agement  and  ultimately  service- 
level  management  in  place  on 
the  help  desk  that  now  serves  his 
company  and  Bank  One  and  its 
recent  merger  partner,  JPMorgan 
Chase.  “ITIL  offers  a  lot  of  pieces 
to  a  big  puzzle,”  but  companies 
don’t  necessarily  have  to  adopt 


every  bit  of  the  framework  to  see 
benefits,  he  says. 

To  date,  maintaining  consis¬ 
tency  on  the  Zurich  Life  help 
desk  has  let  the  company  reduce 
the  number  of  contracted  IT  staff 
needed  to  service  2,500  end  users 
in  two  buildings  from  30  down  to 
10.“At  $85  per  hour  for  those  con¬ 
tractors,  that’s  enough  of  a  savings 
for  us  to  keep  going,”  he  says. 

Lee  Adams,  vice  president  of 
service  management  and  deliv¬ 
ery  at  Hospital  Corporation  of 


America  in  Nashville,  says  getting 
1,100  IT  workers  to  use  the  same 
set  of  processes  has  been  a  chal¬ 
lenge  for  his  organization,  but  a 
worthwhile  one.  In  fact,  the  size  of 
the  IT  staff  supporting  200  hospi¬ 
tals  and  200,000  employees  is 
part  of  the  reason  he  says  ITIL  is  a 
perfect  fit  for  his  organization. 

“Using  ITIL  helps  you  under¬ 
stand  how  touching  one  part  of 
IT  affects  another  part,”  Adams 
says.  Making  IT  staff  understand 
that  their  actions  set  off  a  series  of 
other  actions  across  the  large 
enterprise  network  helped  them 
adjust  to  using  new  management 
methods. 

“Adoption  can  be  perceived  as 
a  curse  when  people  think  you 
are  working  to  make  their  jobs 
harder,  but  really  the  effort  helps 
them  understand  why  IT  prob¬ 
lems  happen  and  how  managing 
changes  helps  prevent  them,”  he 
says. 

Adams  measures  his  ITIL  suc¬ 
cess  on  the  repeatable  and  con¬ 
sistent  delivery  of  IT  services, 
which  he  says  directly  relates  to 
the  infrequency  of  network  and 
computing  outages  at  the  com¬ 
pany  “We  know  outages  cost 
money  and  we  see  from  time  to 
time  that  the  processes  we  have 
in  place  are  preventing  outages,” 
he  says. 

ITIL  experts  warn  that  to  get  the 


most  out  of  the  framework  com¬ 
panies  need  to  set  deadlines  and 
stick  to  them.  Otherwise,  ITIL  gets 
unwieldy,  they  say 

Priscilla  Milam, dean  of  technol¬ 
ogy  at  Kingwood  College  in 
Texas,  says  her  goal  to  get  five  col¬ 
lege  campuses  connected,  shar¬ 
ing  one  service  desk  to  support 
40,000  students  and  following  the 
same  set  of  ITIL  practices,  was 
sent  back  to  the  drawing  board. 

“[The  challenge]  for  adopting 
ITIL  is  a  people  and  process 
problem  more  so  than  a  soft¬ 
ware  problem.  It  really  changes 
how  IT  has  to  think  and  work,” 
she  says. 

In  Milam’s  case,  the  IT  staff 
members  she  put  in  charge  of 
getting  ITIL  practices  established 
across  multiple  departments 
couldn’t  change  the  way  the 
majority  of  staff  wanted  to  work. 
Now  on  her  second  attempt  to 
bring  best  practices  to  the  group 
of  colleges,  Milam  says  she  will 
offer  more  training,  assign  more 
assertive  staff  members  to  the 
task  and  get  upper  management 
to  set  the  standard. 

“The  IT  staff  is  very  hands-on 
and  good  at  what  they  do,  but  I 
want  them  to  stand  back  and  get 
the  ‘ah  ha’  moment  I  had  when  I 
realized  ITIL  could  help  us  stop 
repeating  mistakes  and  deliver 
better  services,”  she  says.  ■ 


Getting  started 

Thinking  of  giving  ITIL  a  shot?  Heed  this  advice  from  IT  managers  and 
consultants  experienced  with  the  framework. 


Start  with  incident  management: 

"It's  hard  to  move  on  to  the  other  ele¬ 
ments  such  as  service-level  management 
if  you  don't  know  how  many  incidents  you  typi¬ 
cally  have,"  says  Brian  Johnson,  director  of 
product  management  at  Pink  Elephant,  an  ITIL 
training  consultancy  in  Burlington,  Ontario. 

Address  pain  points:  If  change  management 
is  what  you  need,  don’t  feel  compelled  to  adopt 
configuration  and  other  components  of  the  ITIL 
framework.  "It  could  become  cost-prohibitive  to 
do  it  all,"  says  Mark  Bradley,  senior  applications 
development  analyst  at  Zurich  Life,  a  business 
unit  of  Bank  One  in  Schaumburg,  III. 

Own  the  process:  Put  an  IT  staff  member  in 
charge  of  each  ITIL  process  you  plan  to  adopt. 
“The  staff  has  to  be  empowered  to  tell  the  rest 
of  IT,  This  is  how  we  are  going  to  do  things 
from  now  on,’"  says  Priscilla  Milam,  dean  of 
technology  at  Kingwood  College  in  Texas. 

Revise  your  mission  statement:  IT  shops  will 
need  to  redefine  their  role  in  their  companies  to 
get  ITIL  working  across  multiple  IT  silos.  “You 
have  to  perform  an  aptitude  test  of  sorts. 

'Does  my  IT  group  know  it’s  here  to  serve  the 
company  and  that  they  have  to  work  toward 


one  goal  to  do  so?’"  says  Lee  Adams,  vice  pres¬ 
ident  of  infrastructure  services  at  Hospital 
Corporation  of  America  in  Nashville. 

Standardize  tools:  Adopting  common  pro¬ 
cesses  across  an  enterprise  IT  department 
requires  all  IT  staff  to  report  and  resolve  inci¬ 
dents  in  the  same  manner,  often  with  the  same 
hardware  and  software.  “We  have  three  compa¬ 
nies  coming  together,  and  I  need  to  get  all  the 
help  desk  staff  using  Peregrine  Systems  service 
management  software  to  make  ITIL  work  across 
the  entire  enterprise,"  Bradley  says. 

T rain  staff:  While  the  idea  of  doing  things  a 
different  way  might  not  require  certification, 
early  ITIL  adopters  warn  that  without  training 
IT  staff,  ITIL  processes  will  fail.  "We  have  had 
to  start  our  attempts  to  implement  ITIL  over 
because  it  really  didn’t  make  sense  to  the 
staff,"  Milam  says. 

Get  management  on  board  early:  Manage¬ 
ment  could  be  the  CEO,  CIO  or  CTO,  but  ITIL 
users  say  without  someone  telling  the  IT  orga¬ 
nization  that  it  has  to  adopt  the  framework,  it 
won't  happen.  “There  has  to  be  100%  buy-in 
from  the  top  to  make  it  work,"  Adams  says. 

—  Denise  Dubie 


I  ft  Using  ITIL  helps  you 
understand  how  touching 
one  part  of  IT  affects 
another  part.  19 

Lee  Adams 

Vice  president  of  infrastructure  services, 
Hospital  Corporation  of  America 
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MIDDLEWARE  IS  IBM  SOFTWARE.  Fans,  broadcasters, 
even  players,  are  accessing  every  shot  at  PGA  TOUR® 
events  online  -  in  real  time.  The  scalable  multiplatform 
technology  of  IBM  DB2  integrates  and  manages 
information,  allowing  SHOTLink,  the  PGA  TOUR’S  ball¬ 
following  technology,  to  uplink  and  downlink  every  shot, 
run  all  the  numbers  and  tell  the  entire  story  -  hole  by  hole. 


1.  Player  attempts  30-foot  chip. 

2.  Operator  measures  distance. 

3.  Stats  entered  into  PDA. 

4.  SHOTLink  truck  transmits  data. 

5.  Broadcaster  broadcasts  a  “birdie! 


Middleware  for  the  on  demand  world.  Learn  more  at  ibm.com/middleware/information  KJ  DEMAND  BUSINESS 
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Middleware  is  Everywhere.  Can  you  see  it? 


NetworkWonld 


8/30/04 


News 


www.nwfusion.com 


Fuil  exposure:  How  Kodak  converged  its  net 

If  any  company  is  familiar  with  technology  churn,  it’s  Eastman  Kodak.  The  photography  pioneer's 
technology  has  evolved  over  a  century  from  the  first  photographic  dry  plates  to  film  to  digital 
imaging.  More  recently,  the  company’s  IT  group  has  undergone  sweeping  changes,  consolidating 
servers  at  350  sites  into  one  data  center  at  headquarters  in  Rochester,  N.  Y,  and  standardizing  on 
SAP  software  across  the  company.  At  the  same  time,  Kodak  converged  its  international  voice  and 
data  networks  over  a  Multi-protocol  Label  Switching  VPN  service.  John  Parsons,  a  32-year  veteran 
of  Kodak  who  oversaw  the  projects  as  manager  of  Kodak  Global  Telecommunications,  Worldwide 
Information  Systems  group,  spoke  recently  with  Network  World  Senior  Editor  Phil  Hochmuth. 


How  do  business  conditions  at  Kodak  affect  network  technology 
decisions? 

Kodak  is  going  through  a  major  transformation  from  the 
film  and  paper  world  to  a  digital  world. The  profit  margins 
are  a  lot  less  on  digital;  therefore,  we  have  to  restructure 
the  company’s  cost  structure  away  from  the  labor-inten¬ 
sive,  analog  film  business.  So  we’re  going  through  some 
shrinkage  and  restructuring.  At  the  same  time,  demand  for 
services,  particularly  data,  continues  to  rise,  so  there  is 
more  and  more  demand  on  the  network.  We  have  a  sin¬ 
gle  instance  of  SAP  that  is  the  core  of  our  ERP  system  that 
runs  in  Rochester. . .  .That  puts  some  stringent  network 
requirements  on  a  global  basis  to  make  sure  people  are 
getting  good  response  time  globally 

How  has  consolidating  servers  and  apps  helped  the  business? 

The  company  has  seen  a  lot  of  benefits  from  running  a 
single  instance  of  SAP  We  have  a  much  more  integrated 
view  of  what’s  happening  in  the  business  at  any  point  in 
time.That’s  certainly  making  the  company  run  better.  But 
that  decision  to  run  SAP  out  of  Rochester  and  service  the 
world  with  it  made  life  very  difficult  from  a  networking 
perspective.  We  had  to  make  sure  people  had  good  perfor¬ 
mance  from  Rochester  to  the  inner  cities  in  China.That 
was  a  challenge,  but  we’ve  learned  a  lot  by  doing  that,  too. 

You  recently  moved  from  a  private-line  network  to  an  MPLS- 
based  VPN.  Why? 

Increasing  data  bandwidth  [for  SAP]  was  one  of  the  dri¬ 
vers  to  put  out  bids  for  an  MPLS  network.  At  the  same 
time,  we  were  adding  VoIP  [Voice  and  SAP]  are  time-sensi¬ 
tive,  where  a  person  is  sitting  there  waiting  for  something 
to  happen. . .  .With  MPLS, you  end  up  with  more  of  a 
meshed  network,  instead  of  a  point-to-point  network. You 
get  connectivity  from  any  site  to  any  other  site  without 
going  through  multiple  hops. You  get  some  class-of-service 
options  too, so  you  can  differentiate  traffic. 

How  is  using  an  MPLS-based  VPN  service  different  from  manag¬ 
ing  a  private-line  backbone? 

We’re  looking  to  get  more  bandwidth  for  less  money 
and  that  just  requires  almost  constant  renegotiation  and 
redesigning. You  really  have  to  look  at  the  traffic  patterns. 
If  the  traffic  patterns  change  because  the  number  of 
employees  in  a  plant  changes,  you  need  to  adjust  the 
bandwidth  or  adjust  the  topology  as  to  what  connects  to 
what. We’re  always  looking  at  new  technologies. 

Are  you  and  your  staff  less  involved  in  network  management 
now  that  it  all  runs  on  a  managed  MPLS  VPN  service? 

My  network  engineers  are  still  heavily  involved  with  the 


carrier  when  they  install  the  system  and  configure  it. 
We’ve  got  as  much  experience  as  these  carriers.  We  want 
to  make  sure  we  don’t  just  throw  the  specs  over  the  wall 
and  say  go  ahead  and  do  it  without  us  watching.  We  stay 
heavily  involved  in  the  planning  and  design  to  make  sure 
it’s  done  right. 

When  did  you  start  converging  voice  and  data? 

We  started  converging  the  network  in  1999  with  a  cou¬ 
ple  of  facilities  in  Asia,  when  we  couldn’t  get  the  carrier 
voice  services  we  wanted. . .  .We  had  standardized  long 
ago  on  Cisco  routers  for  data  network  technology  so  it 
made  sense  to  take  a  look  at  interfacing  the  PBXs  to 
those  routers  and  adding  the  VoIP  capability  on  the  data 
backbone. 

What  was  more  complex:  voice/data  convergence  or  the  SAP 
implementation? 

In  the  past,  my  group  has  spent  more  of  our  time  deal¬ 
ing  with  data  problems  and  making  data  applications 
work.The  voice  network  typically  just  sat  there  and  the 
PBXs  go  in  and  stay  there  for  years;  you  don’t  touch  them, 
just  maintain  them.  I’d  say  there’s  less  voice  expertise  in 
the  company  to  deal  with  changing  the  voice  network.  So 
that  was  probably  more  of  a  challenge.  It’s  funny  because 
you  would  think  that  running  one  application  worldwide 
would  be  more  complex. 

What  have  been  the  benefits  of  going  to  VoIP? 

Cost  savings.  Over  the  last  five  years,  by  going  to  VoIP 


and  things  like  MPLS,  we’ve  been  able  to  drive  $3  mil¬ 
lion  a  year  out  of  our  international  voice  costs. 

Did  you  set  a  dollar  value  for  the  savings  you  expected? 

It  was  more  incremental.  Once  we  started  into  voice 
over  IP  and  saw  it  could  work  and  save  money,  we  contin¬ 
ued  to  do  it  where  it  made  sense. There  was  no  big  pro¬ 
gram  that  said  we’ll  save  $5  million  over  five  years  and 
here’s  how. 

Were  there  staffing  issues  in  converging  voice  and  data? 

Our  staff  is  more  data-centric.  Most  of  the  voice  work 
was  negotiating  carrier  contracts  and  making  sure  we  got 
good  rates. 

For  a  long  time  we’ve  had  the  voice  and  data  people 
together  in  one  organization.  So  there  wasn’t  much  of 
an  issue  in  bringing  voice  and  data  staffs  together.  Some 
data  people  had  to  learn  new  voice  skills  and  voice 
people  had  to  learn  data  skills,  but  that’s  goodness  in 
the  end. 

What  were  the  major  nuts-and-bolts  challenges? 

Getting  the  interface  between  the  PBX  and  the  router  to 
work  properly,  and  getting  all  the  signaling  that  goes  on  to 
work  properly  ...  all  those  little  nuances  with  making  a 
call.  We  had  to  have  our  Kodak  router  engineers  working 
with  the  Cisco  router  engineers  right  alongside  the 
[Nortel]  PBX  engineers. . .  .When  we  started  out, we  had 
to  learn  how  to  tune  the  thing,  how  to  do  the  QoS  and 
the  bandwidth  management.That  took  a  little  while. 
When  we  put  in  the  new  MPLS  system  in  Asia  with 
Singapore  Tel,  there  was  a  learning  curve  to  make  sure 
things  were  configured  properly 

Are  there  plans  to  put  IP  phones  on  desks  or  to  implement  con¬ 
verged  voice/data  applications? 

We’re  taking  it  fairly  slow  at  this  point,  focusing  on  our 
WAN  for  VoIP  We  haven’t  put  a  strategy  together  on  what 
exactly  we’re  going  to  do  with  IP  telephony  and  how 
fast  we’re  going  to  get  there. 

I’ve  been  hoping  to  hear  about  more  killer  applications 
out  there  for  IP  telephony  but  I  haven’t  seen  much.  Mostly 
[applications  such  as  unified  messaging  and  presence] 
seem  like  convenience  things. Some  of  those  things  would 
not  impress  the  CIO  or  the  CFO  with  the  business  case. 
They’re  looking  for  hard  dollar  savings  right  now. There’s 
definitely  a  place  for  some  of  these  converged  applica¬ 
tions.  But  it’s  a  matter  of  putting  a  compelling  story  to¬ 
gether  as  to  why  we  should  make  the  investment.  ■ 


John  Parsons 


Organization:  Eastman  Kodak 


Responsibilities: 

Staff  size: 
IT  budget: 

What  keeps  him 
up  at  night: 

Fun  fact: 


Manager  of  GlobalTelecommunications,  Worldwide  Information 
Systems 

Ensuring  the  delivery  of  voice  and  data  services  to  64,000 
employees  in  55  countries. 

80  internal,  working  with  outsourcers 
More  than  $300  million 

"When  people  don't  have  dialtone,  you  hear  about  it  much  quicker 
than  if  the  data  network  has  problems.  Keeping  that  service  in 
good  shape  and  cost  efficient  is  important." 

Before  there  was  e-mail,  Kodak  invented  V-mail,  orVictory  Mail, 
during  World  War  II. The  technology  put  letters  to  troops  on 
microfilm  for  easier  shipping.  More  than  500  million  V-mails  were 
sent  between  1941  and  1943. 
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FrontBridge  service  secures  e-mail 


■  BY  JOHN  FONTANA 

FrontBridge  Technologies  this  week  will 
add  secure  e-mail  and  archiving  to  its  lineup 
of  hosted  services  to  appease  corporate 
users  that  seek  tools  to  satisfy  regulatory 
compliance  issues. 

The  company  has  teamed  with  Voltage 
Security  to  offer  Secure  Email,  a  service  that 
lets  users  send  encrypted  e-mail  from  their 
existing  client  software  with  the  click  of  a 
button.  The  service  is  based  on  Voltages 
Identity-Based  Encryption  (IBE),  which  elim¬ 
inates  the  overhead  of  public-key  infrastruc¬ 
ture  and  key  management. 

FrontBridge  also  will  announce  it  has 
acquired  MessageRite  and  will  use  its  tech¬ 
nology  to  launch  a  corporate  service  for 
e-mail  and  instant-messaging  archiving. 

Company  officials  say  corporate  customers 


could  use  either  to  help  achieve  compliance 
with  government  regulations. 

“There  is  a  lot  of  reluctance  around  the 
deployment  of  secure  messaging  because 
the  perception  is  that  it  is  too  expensive,”  says 
Michael  Osterman,  president  of  Osterman 
Research.  He  says  only  about  one  in  five  cor¬ 
porate  users  is  a  frequent  user  of  secure  mail. 
“The  service  approach  is  a  way  to  go  to  avoid 
rolling  out  an  entire  infrastructure  just  to  sup¬ 
port  a  few  people.” 

FrontBridge’s  service  works  by  installing  a 
small  piece  of  desktop  software  that  inte¬ 
grates  with  Outlook,  Lotus  Notes  or  Hotmail 
e-mail  clients.The  software  adds  a  button  to 
the  client  interface  that  provides  one-click 
process  to  encrypt  e-mail.  The  service  lets 
users  send  encrypted  e-mail  to  anyone. The 
recipient  can  install  the  client  software  or 
can  use  a  “zero-download"  Web-based  inter¬ 


face  to  decrypt  the  mail,  which  is  stored  on 
his  desktop  like  any  other  e-mail.  The 
Secure  Email  service  stores  a  user’s  private 
key,  which  is  used  to  decrypt  e-mail  he 
receives. 

Voltage’s  IBE  technology  lets  identities, 
such  as  e-mail  addresses  and  phone  num¬ 
bers,  be  used  as  public  keys.  This  elimi¬ 
nates  the  need  for  certificates,  certificate 
revocation  lists  and  other  secure  mail 
infrastructure. 

The  SecureMail  service  competes  with 
offerings  from  Sigaba,  Tumbleweed  and  Zix. 
CipherTrust,  which  develops  the  Ironmail 
message  security  appliance,  began  using  the 
Voltage  technology  in  July  as  part  of  its 
IronMail  Privacy  Architecture. 

FrontBridge’s  Secure  Mail  service  starts  at 
$8  per  month,  per  user. The  archiving  service 
has  not  been  priced.  ■ 


Radware  upgrades  data  center  switches 


■  BY  PHIL  HOCHMUTH 

Radware  last  week  released  an 
update  to  its  Layer  4-7  switch 
operating  system  software  that 
promises  better  security  and 
bandwidth  management  for  data 
center  traffic. 

The  update  to  Radware’s  Syn- 
Apps  software  can  let  users  stop 
SYN  flood  attacks  on  a  network 
with  Radware  switches  and 
appliances,  the  vendor  says.  The 
upgrade  also  can  let  users  man¬ 
age  network  bandwidth  for  data 
center  applications  with  finer 
control  than  before,  Radware 
adds. 

SynApps  software  runs  on 
Radware’s  Application  Switch 
and  Security  Switch  hardware, 
which  typically  reside  in  front 
of  corporate  servers.  The  soft¬ 
ware  lets  Radware  switches 
classify  application  traffic  types 
and  load-balance  applications 
among  servers.  For  security,  the 
software  can  be  set  to  block 
potential  denial-of-service 
attacks  by  identifying  suspi¬ 
cious  traffic  patterns. 

A  new  feature  is  a  health-moni¬ 
toring  capability,  which  could  be 
pointed  at  a  certain  application 
type  —  such  as  VoIP  —  and  alert 
users  if  the  traffic  throughput  or 
latency  falls  below  a  certain 
level. 

Also  new  is  the  ability  to  con¬ 
trol  bandwidth  on  a  per-client 
basis.  Whereas  previous  Syn¬ 
Apps  features  let  users  apply 
bandwidth  levels  to  certain 
applications,  the  new  software 


lets  bandwidth  be  throttled 
up  and  down  on  an  individual 
end-user  basis.  This  could  be 
used  to  apply  high  bandwidth 
to  certain  applications  for 
power  users  or  for  limiting 
access  to  certain  applications. 

“[Radware]  is  starting  to  ex¬ 
pand  the  depth  of  what  they 


■  BY  TIM  GREENE 

Juniper  this  week  is  announc¬ 
ing  technology  that  promises  to 
give  businesses  more  ways  to 
guarantee  computers  making 
remote  links  to  corporate  net¬ 
works  have  appropriate  security 
software  in  place. 

Juniper  is  offering  program¬ 
ming  hooks  into  its  software  that 
other  vendors  can  use  to  inte¬ 
grate  their  products  —  such  as 
firewalls  and  anti-virus  products 
—  with  Juniper’s  endpoint-pro¬ 
tection  software. 

Juniper  Endpoint  Defensive 
Initiative  (JEDI)  will  make  it  pos¬ 
sible  to  more  thoroughly  inspect 
the  defenses  on  remote-access 
computers  to  make  sure  their 
operating  systems  are  patched 
and  other  security  software  is 
updated  and  configured  to  meet 
corporate  policies. 

JEDI  is  similar  to  Microsoft’s 
network  access  protection 
(NAP)  program,  which  will  open 
up  APIs  on  Windows  XP  to  other 
vendors.  These  APIs  support  XP’s 


offer  for  enterprises,”  says 
Lucinda  Borovick,  an  analyst 
with  1DC.  Although  the  company 
was  once  seen  as  mainly  a 
server  load-balancing  vendor, 
the  addition  of  security  features 
a  few  years  ago  and  now  the  lat¬ 
est  SynApps  upgrade  put  more 
on  the  vendor’s  menu. 


monitoring  whether  the  other 
vendors’  software  is  turned  on, 
current  or  properly  configured. 
New  features  of  Windows  2003 
Server  then  would  determine  if 
the  machine  meets  security  poli¬ 
cies  and  either  allow  access, 
deny  it  or  redirect  to  a  quaran¬ 
tine  network  where  the  com¬ 
puter  can  get  the  updates  it 
needs.  NAP  is  due  out  next  year. 

Juniper  is  different  in  that  JEDI 
will  push  required  software  to 
the  remote  machine.  For  exam¬ 
ple,  if  a  company  policy  called 
for  remote  computers  to  have 
Whole  Security’s  Confidence 
Online  malware  scanner  before 
being  given  access,  Juniper’s 
Host  Checking  Agent  could  look 
for  it.  If  it’s  not  there,  the  gateway 
can  push  a  lightweight  version  to 
the  computer. 

These  lightweight  software 
versions  that  Juniper  partners 
are  developing  generally  will  be 
Active  X  controls  that  terminate 
when  the  Secure  Sockets  Layer 
sessions  terminate,  Juniper  says. 
The  push  mechanism  also 


Competitors  include  Cisco, 
Coyote  Point  Systems,  F5 
Networks,  NetScaler,  Nortel  and 
Redline  Networks. 

The  SynApps  architecture 
software  is  available  as  a  free 
upgrade  to  Radware  switch 
customers  with  maintenance 
contracts.  ■ 


could  be  used  to  distribute,  per¬ 
manent  client  software,  the 
company  says. 

Six  vendors  are  cooperating 
to  better  integrate  their  gear  via 
the  Juniper  gateway  API: 
InfoExpress  (personal  firewall, 
policy  compliance  check); 
Microsoft  (personal  firewall); 
McAfee  (anti-virus);  Sygate 
(personal  firewall,  virtual  desk¬ 
top,  malware  scanning);  Trend 
Micro  (anti-virus);  and  Whole- 
Security  (malware  scanner). 

In  the  case  of  Microsoft,  Juniper 
wrote  its  software  to  comply  with 
Microsoft’s  Internet  Connection 
Firewall,  the  firewall  added  to  XP 

Juniper  acknowledges  the 
overlap  with  Microsoft  NAP  but 
says  JEDI  is  shipping  now  while 
NAP  ships  next  year.  After  NAP 
ships,  Juniper  gateways  will  sup¬ 
port  NAP  and  could  act  as 
enforcement  points  for  policies 
that  a  NAP  server  checks. 

JEDI  features  are  part  of  a  soft¬ 
ware  upgrade  that  comes  stan¬ 
dard  with  Juniper  NetScreen 
Secure  Access  Gateways.  ■ 
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Juniper  tackles  remote  access  security 


The  SecureLinx  product  family  is  a  complete  data  center  solution. 

>  SecureLinx  SLC  -  Console  management  (shown) 

>  SecureLinx  SLK  -  Remote  KVM™  over  IP 
Power  management 


SecureLinx 


SecureLinx  SLP 


When  you  absolutely  can’t  get  to  your  IT  equipment... 
get  there  anyway.  The  data  center  is  the  lifeblood  of  your 
business.  Even  a  short  period  of  downtime  can  be  a  major 
problem,  so  when  something  does  go  wrong  you  need  to 
be  able  to  address  it  instantly.  With  SecureLinx  SLC,  you 
can  minimize  or  eliminate  downtime  and  keep  your 
business  afloat! 


SecureLinx  SLC  console  managers  from 
Lantronix  give  you  consolidated  access  so 
you  can  control,  diagnose  and  repair 
virtually  everything  in  the  data  center  via  their  serial  ports. 
You  gain  total  out-of-band  management  of  all  your 


Linux,  Unix  or  Windows®  2003  servers  (as  well  as  routers, 
switches,  telecom  equipment  and  building  access  devices) 
And  you  can  access  it  from  anywhere  over  the  Internet  - 
even  if  the  network  is  down  -  with  the  confidence  of  the 
highest  level  of  security  available.  SecureLinx  SLC  features 
SSL  and  SSH  encryption.  Plus,  it’s  the  only 
console  manager  with  a  NIST-certified 
implementation  of  Advanced  Encryption 
Standards.*  Best  of  all,  it’s  easier  and  less 
expensive  to  implement  than  you  may  think 
Don’t  let  your  data  center  ever  go  under! 

Call  Lantronix  today. 


Visit 

www.lantronix.com/info/ad001c/ 

for  your  free  console 
management  white  paper. 


LANRONIX* 

Network  anything.  Network  everything 

www.lantronix.com  I  (800)422-7055 


O  Lantronix,  2004.  Lantronix  is  a  registered  trademark,  and  SecureLinx  and  Remote  KVM  are  trademarks  of  Lantronix,  Inc  *As  of  August  2004,  SecureLinx  SLC  is  the  only 
console  manager  with  a  NIST-certified  implementation  of  Advanced  Encryption  Standards  as  specified  by  FIPS- 197  (Federal  Information  Processing  Standards). 
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U.K.  firm  chooses  brains  over  brawn 

Netezza  appliance  crunches  big.  numbers  and  improves  business  results. 


■  BY  ANN  BEDNARZ 

What  Caudwell  Communications  lacks  in  brawn, 
the  start-up  telecom  service  provider  is  trying  to 
make  up  for  in  smarts.  It’s  doing  some  serious 
number-crunching  to  stay  on  top  of  customer  usage 
trends,  avert  fraud  and  find  the  most-attractive  call  rout¬ 
ing  options. 

The  device  handling  much  of  the  analysis  for  Caudwell 
is  a  data  warehouse  appliance  called  the  Netezza 
Performance  Server.  It  combines  a  server,  storage  and 
relational  database  in  one  device.  What  it’s  crunching  is 
terabytes  of  call  detail  records  (CDR)  that  Caudwell  gets 
from  other  carriers,  plus  operational  data  from  its  inter¬ 
nal  order  processing,  billing  and  CRM  applications. 

Caudwell  uses  the  intelligence  to  make  business  deci¬ 
sions.  For  example,  it  helps  the  provider  identify  its  most- 
promising  prospects  —  the  Netezza  appliance  gleaned 
data  showing  people  who  pay  by  direct  debit  are  easier 
to  recover  money  from  than  those  who  pay  by  check, 
says  Joe  Macken,  head  of  IT  at  Caudwell  in 
Manchester,  England. 

It  also  keeps  the  telecom  provider  nimble. 

When  a  much  larger  competitor  announced  it 
would  introduce  new  rates  for  fixed-line  tele- 

See  Netezza,  page  20 


Big  number 
crunching 


Netezza’s  appliance  helps 
Caudwell  Communications 
analyze  customer  trends, 
identify  fraud  and  improve 
network  utilization. 


The  Netezza  Performance  Server  correlates  terabytes 
of  data  from  internal  order  processing,  CRM  and  billing  systems, 
and  call  detail  records  from  external  carriers’  systems. 


Carrier 

data 

□□□ 


Netezza 

Performance 

Server 


Back-end  business 
applications 


Users  can  query  the  Netezza 
device  to  test  new  service 
offerings  before  launch;  find 
inconsistencies  between  calls 
placed  and  calls  billed;  and  identify 
least-cost  routing  options. 


Caudwell  Communications 


IBM,  EMC  roll  out  midrange  NAS 


■  Sun  and  Gigabit  Ethernet  start-up 
S2io  announced  last  week  that  Sun 
would  incorporate  support  for  S2io's 
Xframe  10G  bit/sec  Ethernet  adapt¬ 
ers  into  its  Solaris  operating  system 
for  SPARC  and  its  Advanced  Micro 
Devices  Opteron  and  Intel  Xeon- 
based  servers.  S2io  also  will  provide 
Sun  with  TCP/IP  offload  technology 
with  Remote  Direct  Memory  Access 
capability  to  speed  processing  in 
transaction-intense  computing  envi¬ 
ronments.  S2io  did  not  say  when  Sun 
servers  will  be  equipped  with  its 
adapters,  but  says  servers  and  work¬ 
stations  from  vendor  SGI  already 
ship  with  the  Xframe  technology. 

■  Xiotech  last  week  unveiled 
Economy  Enterprise  Fibre  Channel 
drives  and  Serial  Advanced  Tech¬ 
nology  Attachment  drives  for  its 
Magnitude  3D  storage  array,  let 
ting  IT  managers  create  tiered  stor¬ 
age  within  a  single  storage  device. 
Economy  Enterprise  drives  are  300G- 
byte  Seagate  Fibre  Channel  drives 
that  operate  at  7,200  RPMs.  With  the 
Xiotech  Magnitude  3D,  IT  managers 
can  write  business-critical  data  that 
requires  high  performance  and 
accessibility  to  Fibre  Channel 
drives,  less  business-critical  data  to 
Economy  Enterprise  Fibre  Channel 
drives  and  archival  data  to  Serial 
ATA  drives.  The  drives  are  expected 
to  be  available  by  the  end  of  next 
month.  A  Magnitude  3D  with  2T 
bytes  of  Serial  ATA  storage 

starts  at  less  than  $40,000. 

■  Intel  last  week  rolled  out  its  first 
chipset  that  supports  all  three  cur¬ 
rent  forms  of  Wi-Fi.  With  a  chipset 
that  includes  IEEE  802.11a,  b  and  g 
technology,  a  notebook  PC  can  con¬ 
tinue  to  connect  to  corporate  wire¬ 
less  LANs  without  a  hardware  up¬ 
grade  even  if  the  company  migrates 
to  a  new  infrastructure.  Intel’s  size 
makes  it  less  agile  than  smaller  com¬ 
petitors  such  as  Broadcom,  Atheros 
and  Texas  Instruments,  which  have 
had  the  chipsets  for  some  time,  some 
analysts  say. 


■  BY  DENI  CONNOR 

EMC  and  IBM  separately  have  unveiled 
midrange  network-attached  storage  prod¬ 
ucts  for  users  who  want  to  combine  and 
manage  NAS  and  storage-area  network 
technology. 

NAS  appliances  let  users  write  file-ori¬ 
ented  data  to  file  servers  connected  to  the 
IP  network.  NAS  gateways  give  users 
access  to  block-level  data  stored  on  SANs 
via  the  IP  network  and  let  users  access 
and  manage  file-  and  block-level  SAN 
data  from  one  source. 

EMC  this  week  is  releasing  three 
midrange  NAS  appliances  —  the  NS500, 
NS500G  and  NS704G  —  which  fit  between 
the  company’s  low-end  Microsoft  Storage 
Server  2003-based  NetWin  NAS  appli¬ 
ances  and  its  high-end  Celerra.The  NS500 
is  a  NAS  appliance  that  supplies  easily 


IBM's  TotalStorage 
NAS  Gateway  500 

The  NAS  Gateway  500  lets  users 
access  either  block-level  SAN  storage 
or  file-level  NAS  data. 


accessible  storage  to  IP  network  users;  the 
NS500G  and  NS704G  are  gateway  servers 
that  attach  to  Fibre  Channel  or  Advanced 
Technology  Attachment  (ATA)  storage 
and  let  it  be  managed  and  accessed  along 


with  NAS  storage. 

IBM  last  week  introduced  the  IBM  Total- 
Storage  NAS  Gateway  500,  which  is  based 
on  one  Fbwer4+  processor  and  comple¬ 
ments  its  higher-performance  two-  to  four- 
processor  product. 

Laurie  Beam,  director  of  technology  for 
law  firm  Smith  Anderson  in  Raleigh,  N.C., 
chose  a  NAS  gateway  to  link  her  existing 
file  servers  to  the  firm’s  SAN,  which  con¬ 
tains  the  firms’  business-critical  docu¬ 
ments. 

“By  using  a  gateway  to  link  our  file  serv¬ 
er  data  with  our  SAN  data,  we  are  able  to 
manage  it  from  a  single  virtualized  pool,” 
Beam  says. 

She  uses  the  NS600G,  EMC’s  previous 
NAS  gateway,  to  connect  her  EMC  Clariion 
SAN  to  the  file  servers  on  her  network. 

The  EMC  NS500  consists  of  a  dual  1.6- 

See  Storage,  page  20 
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Historically,  we  in  the  U.S.  have  right¬ 
fully  considered  ourselves  IT  trend¬ 
setters.  But  when  it  comes  to  the 
inexorable  move  away  from  Microsoft,  we 
look  to  be  followers  more  than  leaders  — 
with  Europe  and  Asia,  especially,  taking 
the  lead.  Microsoft’s  pending  release  of  a 
“lite”  version  of  XP  in  Asia  would  seem  to 
acknowledge  that  fact. 

While  there  are  certainly  companies 
and  individuals  in  the  U.S.  taking  advan¬ 
tage  of  “Microsoft-only”  features  in  end- 
user  applications  and  back-office  systems, 
I’d  imagine  that  all  but  the  most  dyed-in- 
the-wool  Microsoft  supporters  would  con¬ 
cur  that  the  feature  bloat  in,  say  MS  Office 
presents  far  more  options  than  we  ever 
would  need  to  use. 

Conversely,  most  of  us  could  get  our  jobs 
done  with  minimal  problems  using  the 
Open  Office  productivity  suite  (www. 


Windows  XP:  ‘Lite1  at  the  end  of  the  tunnel 


openoffice.org)  on  Windows  or  Linux.Yet, 
we  don’t  switch.  (I  haven’t.) 

For  most  of  us,  it  is  not  our  decision  — 
but  the  decision  of  a  corporate  hierarchy 
likely  with  deep  ties  to  Microsoft.  For  many 
of  us  as  well,  there  are  key  applications, 
such  as  Outlook  (linked  to  Exchange  in  the 
back  end),  that  we  rely  on  as  “lifelines”  and 
that  can’t  easily  be  substituted  by  open 
source  offerings  (although  Outlook  Web 
Access  has  improved  vastly). 

For  still  others,  it  may  just  be  inertia.Their 
approach  might  be  summed  as:  It  works, 
we  are  used  to  paying  for  it  (over  and  over 
again)  —  so  just  leave  it  alone. 

And  so  for  most  companies  with  an 
established  IT  infrastructure,  it  takes  some 
significant  event.  I  wrote  last  year  about  just 
such  an  event  —  the  plan  to  move  some 
15,000  or  so  desktops  in  Munich  to  Linux 
(www.nwfusion.com,  DocFinder:  3628). 

Microsoft  fought  hard  to  keep  this  from 
happening  —  reportedly  even  including  a 
personal  visit  by  CEO  Steve  Ballmer.  Still,  it 
went  ahead  —  until  recently  Microsoft’s 
newer  tactic  of  threatening  patent  viola¬ 
tions  for  Linux  users  seems  to  have 
stopped  the  project  dead  in  its  tracks.  A 


report  in  The  Register,  a  U.K.  publication 
(DocFinder:  3629),  says  the  project  is  on 
hold  until  any  potential  patent  violation 
issues  are  resolved. 

In  Asia, so  I’m  told, U.S.  patent  law  doesn’t 
trigger  the  same  kind  of  fear  that  it  does 
elsewhere. So  Microsoft  might  not  be  bank¬ 
ing  on  this  strategy  for  that  marketing. 

Additionally  many  Asian  countries  just 
now  are  beginning  mass  computerization. 
Thus,  they  (fortunately  for  them)  don’t 
have  the  baggage  that  we  have  when  it 
comes  to  integrating  old  (Microsoft)  with 
new  (open  source). 

Finally  many  Asian  customers  just  cannot 
or  will  not  pay  the  kind  of  money  Microsoft 
wants  even  for  its  lowly  Windows  XP  Home 
Edition.  Enter  “Starter  Edition”  (DocFinder: 
3630). 

Shipping  soon  in  Thailand,  Malaysia  and 
Indonesia,  the  reduced-function  version  of 
XP  Home  is  being  called  a  pre-emptive 
strike  against  Linux  by  some  analysts 
(unnamed  in  a  CNN  story). 

With  the  stated  intent  of  offering  a  “sim¬ 
plified”  computer  environment,  Microsoft 
mercilessly  hacks  away  at  core  functions. 
With  breathtaking  audacity,  Microsoft’s 


official  releases  tell  us  how  shackling  the 
user  to  800-by-600-pixel  video  resolution 
is  a  helpful  feature  of  the  starter  edition. 
The  company  has  further  simplified  your 
life  by  allowing  only  three  applications 
with  three  windows  each.  While  that 
might  sound  like  a  lot,  it  means  three 
browser  windows,  three  IM  windows  and 
any  other  application  of  your  choice  — 
and  that’s  it. 

The  ultimate  “simplification,”  though,  is  to 
remove  all  support  for  PC-to-PC  home  net¬ 
working  and  printer  sharing.  Back  to  the 
good,  ol’ “simple”  days  of  sneaker-net.  Only 
Microsoft  would  try  to  get  away  with  taking 
most  of  the  value  out  of  a  product  and 
telling  the  customer  that  it  is  for  their  own 
good. 

This  unconscionable  gutting  of  XP 
should  send  a  message  to  prospective 
users,  will  certainly  make  Linux  more 
attractive  and  ultimately  might  cause 
Microsoft  more  harm  than  good. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  test¬ 
ing  company  in  Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@tolly.com. 
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■  Lessons  from  Leading  Users 

Netezza 
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phony  services,  Caudwell  scrambled  to 
devise  competitive  —  while  still  prof¬ 
itable  —  new  service  plans  of  its  own. 

“Within  24  hours,  we  were  able  to  take 
a  sample  of  40  million  CDRs  and  apply 
call  plan  ideas  —  factoring  in  things  like 
calls  made  during  on-peak  and  off-peak 
times  —  then  model  the  impact  and 
arrive  at  our  own  set  of  decisions.  It  took 
just  a  couple  days  to  create  entirely  new 
call  plans,”  Macken  says. 

In  the  end,  Caudwell  introduced  and 
went  live  with  its  new  rate  plans  even 
before  the  competitor  rolled  out  its  own, 
he  says. 

It’s  also  helped  to  identify  “revenue 
leakage”  resulting  from  people  who 
made  unauthorized  calls  against  existing 
call  plans  that  then  weren’t  being 
charged  to  any  account.“Within  just  the 
first  couple  of  weeks,  we  identified  leak¬ 
age  that  the  carriers  weren’t  aware  of,” 
Macken  says. 

Big  business 

For  Caudwell,  finding  a  data  warehouse 
system  wasn’t  easy  Caudwell  has  big- 
league  performance  requirements  but 
not  the  budget  for  a  traditional  high-end 
data  warehouse,  Macken  says. 

The  company  looked  first  at  high-end 
market  leaders  such  as  Teradata.  “We 
rapidly  arrived  at  the  conclusion  that 
such  an  investment  was  above  and 


beyond  what  a  medium-enterprise  bud¬ 
get  could  handle,”  he  says.  Not  only  was 
the  cost  prohibitive,  but  also  the  imple¬ 
mentation  timetable  was  too  long. 
Caudwell  wanted  its  data  warehouse  to 
be  up  and  running  within  four  months. 

Caudwell  also  considered  software- 
based  data  warehousing  systems,  but  the 
scalability  wasn’t  adequate.  Caudwell’s 
multi-terabit  data  volumes  well  suipass 
the  limits  of  products  such  as  Microsoft 
Access,  SQL  and  Oracle  running  on 
industry-standard  servers,  he  says. 

When  Caudwell  stumbled  across 
Netezza,  the  vendor  boasted  that  its 
appliance  delivers  10  to  50  times  the 
performance  at  half  the  cost  of  current 
data  warehouse  systems  To  do  so, 
Netezza  locates  processors  in  close 
proximity  to  the  storage  component.  In 
this  way,  the  system  can  filter  and 
process  records  right  as  they  come  off 
the  storage  disk,  so  only  the  relevant 
information  for  each  query  gets  han¬ 
dled,  the  vendor  says. 

Netezza  seemed  too  good  to  be  true, 
Macken  recalls.  “We  didn’t  believe  the 
metrics  they  were  laying  down  for  us,”  he 
says.  So  Caudwell  gave  the  vendor  a 
chance  to  prove  itself.  Macken  delivered 
a  CD  with  56  million  CDRs  and  57  differ¬ 
ent  call  plans  and  told  the  vendor  to 
rewrite  each  CDR  for  all  57  new  plans. 
Netezza  ran  the  query  in  98  minutes, 
Macken  says. 

When  Caudwell  had  tried  a  similar 
query  on  an  Oracle-based  system,  the 
telecom  service  provider  abandoned  the 
effort  after  two  days  of  processing.  ■ 


Storage 
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GHz  controller  with  four  10/100/1000 
Gigabit  Ethernet  connections  and  as 
much  as  4T  bytes  of  useable  Fibre 
Channel  storage  and  12T  bytes  of  ATA 
drive  capacity  per  storage  controller.  The 
NS500  uses  one  or  two  1.6-GHz  con¬ 
trollers. 

The  NS500G  is  a  dual-processor  gateway 
that  also  can  attach  to  as  much  as  16T 
bytes  of  storage  per  controller.  The 
NS700G  is  a  gateway  NAS  product  that  has 
four  controllers  and  as  much  as  8T  bytes 
of  useable  Fibre  Channel  and  8T  bytes  of 
ATA  capacity  per  controller. 

EMC  also  has  enhanced  the  manage¬ 
ment  capabilities  of  its  high-end  Celerra 
NAS  array.  Celerra’s  management  soft¬ 
ware  now  includes  the  ability  to  collect 
statistics  such  as  CPU  usage,  number  of 
Common  Internet  File  System  connec¬ 
tions  and  files  and  file  system  and  device 
throughput.  Furthermore,  users  can 
export  these  statistics  for  use  in  other 
programs. 

EMC  also  has  improved  the  integration 
of  Microsoft’s  Volume  Shadow-copy  Ser¬ 
vices  with  Celerra,  which  lets  users  re¬ 
cover  deleted  files  without  the  assistance 
of  an  IT  manager.  Each  EMC  NS  appliance 
is  now  iSCSI-capable,  letting  customers 
without  SANs  migrate  to  block-level  Fibre 
Channel  storage. 

Storage  growth  capacity 

With  the  new  IBM  TotalStorage  NAS 
Gateway  500,  customers  can  scale  from 
one  processor  to  two,  four  or  eight  proces¬ 
sors  as  their  needs  for  storage  accessibility 
and  performance  change. 


The  new  product  includes  support  for 
three  modes  of  mirroring  data  over  IP 
networks  —  asynchronous,  synchronous 
and  Mirror  Write  Consistency  (MWC). 
MWC  writes  data  to  the  local  disk  at  the 
same  time  it  is  sent  to  the  remote  site. 
IBM  says  MWC  is  faster  than  synchro¬ 
nous  and  more  reliable  than  asynchro¬ 
nous  mirroring. 

The  new  NAS  Gateway  500  also  includes 
support  for  Windows  2003  and  Ether- 
Channel,  which  allows  load  balancing 
among  Ethernet  connections  for  in¬ 
creased  performance.  The  gateway  is  a 
rack-mountable  4U-high  appliance  that 
uses  an  IBM  pSeries  server  as  its  con¬ 
troller.  A  cluster  interconnect  kit  is  avail¬ 
able,  which  links  two  NAS  Gateway  500s 
together  to  provide  fault-tolerance  and 
availability. 

EMC’s  and  IBM’s  gateways  are  not  alone 
in  this  market.  The  EMC  NS500  compares 
to  the  Network  Appliance  FAS270  and  the 
IBM  TotalStorage  NAS  Gateway.  The  EMC 
NS704G  compares  to  the  Network  Appli¬ 
ance  960  C  cluster  and  IBM’s  more-power¬ 
ful  two-eight  TotalStorage  NAS  Gateway 
500.  Each  of  these  boxes  is  more  powerful 
than  the  Microsoft  Windows  Storage 
Server  boxes  from  Dell,  HP  and  IBM. 

The  IBM  TotalStorage  NAS  Gateway  500 
is  expected  to  be  available  next  month 
starting  at  $60,000.  A  dual-controller  EMC 
NS500  with  IT  byte  of  capacity  starts  at 
$8 1 ,000;  the  NS704G  starts  at  $  1 65,000.The 
NS500G  starts  at  $52,300.  ■ 
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As  more  attacks  penetrate  traditional  perimeter  defenses,  smart  organizations  adopt 


defense-in-depth  strategies  in  which  application-level  security  plays  an  increasingly  critical  role. 

■  By  Joanne  Cummings 


Joseph  Granneman  knows  all  too  well  the  importance  of 
a  true  defense-in-depth  strategy  Granneman,  manager  of 
networking  and  data  security  at  Rockford  Health 
System,  a  healthcare  company  in  Illinois,  had  the  gates  barred 
by  firewalls  and  intrusion-detection  systems  but  still  got 
slammed. 

“We  used  to  think  the  computer  room  was  safe 
because  it’s  on  the  LAN  and  not  the  Internet,  but 
that’s  just  not  so,”  he  says.  “We’ve  got  a  great 
perimeter,  but  the  last  few  worms  hit  us 
anyway’ 

It  turns  out  consultants  had  walked  in 
with  the  infections.  In  one  case, a  con¬ 
sultant  had  unplugged  a  protected 
desktop  and  swapped  in  his  in¬ 
fected  laptop,  bypassing  the  com¬ 
pany’s  perimeter  safeguards  and  ^ 
spreading  the  infection  internally 
“He  didn’t  know  he  had  the 
worm,  so  it  wasn’t  intentional. 

But  it  hit  us  hard,”  Granneman 
says. 

Cases  like  Rockford’s  are  com¬ 
mon  enough  that  it  is  clear  that 
reliance  on  a  hardened  perime¬ 
ter  is  no  longer  enough.  As 
perimeter  security  has  become 
more  robust,  the  bad  guys  have 
found  new  ways  in.  Or,  as  in  Rock¬ 
ford’s  case,  attacks  are  launched 
from  within.  What’s  more,  business 
today  demands  cross-linking  net¬ 
works  with  partners  and  customers, 
many  of  which  have  less-than-secure 
networks. 

“Even  if  we’re  doing  the  right  things,  we’re  not 
sure  our  partners  are,”  says  John  Pironti,  enterprise 


solutions  architect  and  security  consultant  at  Unisys,  noting  that 
large  companies  that  do  business  with  smaller  shops  are  espe¬ 
cially  vulnerable.  “Boutique  shops  don’t  tend  to  have  the 
resources  to  protect  themselves,  and  they  like  to  advertise 
they’re  working  with  big  companies.So  if  you’re  an  attacker, you 
look  for  these  little  companies  and  attack  them,  then  use 
the  secure  pipes  into  the  larger  organizations  to 
attack  them.” 

Faced  with  these  changes, organizations  are 
relying  more  on  defense-in-depth  strategies 
in  which  they  bolster  their  perimeter 
security  tools  with  internal  measures 
and  application-level  security 

Three  levels  of  defense 

Granneman  is  taking  a  three¬ 
pronged  strategy  for  his  most  criti¬ 
cal  internal  resources.  First,  he  is 
taking  traditional  firewall  and 
IDS  perimeter  security  and  ap¬ 
plying  it  internally  in  front  of  crit¬ 
ical  devices  and  servers.  “We’re 
trying  to  build  a  perimeter-like 
moat  around  the  internal  com¬ 
puter  room,”he  says. 

Second,  he  is  implementing  a 
technology  from  Zone  Labs 
called  Integrity,  which  eliminates 
the  vulnerability  underscored  by 
the  consultant’s  infected  laptop. 
With  Integrity  when  a  user  logs  on  to 
the  network  they  are  directed  to  the 
Integrity  server  that  determines  if  his 
machine  has  the  appropriate  patch  levels 
and  virus  signatures  before  providing  full  net¬ 
work  access.  If  the  device  is  not  up  to  snuff, 
Integrity  routes  it  to  a  secure  server  that 
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downloads  the  appropriate  updates. 

Third,  Rockford  is  implementing  Top 
Layer  Networks’  Attack  Mitigator  applica¬ 
tion-level  intrusion-prevention  system 
(IPS)  between  the  servers  and  the  fire- 
wall/IDS  combination.  Attack  Mitigator 
focuses  on  protecting  the  network  from 
nefarious  traffic  the  firewall  lets  through.lt 
hones  in  on  individual  application-level 
protocols,  such  as  HTTP  for  Web  applica¬ 
tions, SMTP  for  e-mail  or  DNS  for  hosting, 
and  ensures  that  only  protocol-appro¬ 
priate  traffic  types  and  requests  get 
through  to  the  server. 

This  third  layer  is  especially  important 
because  the  latest  round  of  denial-of- 
service  attacks,  as  well  as  spyware  and 
malware  infections,  have  made  it  by 
perimeter  defenses  and  exploited 
holes  at  the  application  level. 

For  example,  many  recent  attacks 
focused  on  exploiting  miscoded  field 
lengths  in  Web  applications  that 
kicked  off  buffer  overflows.“If  1  have 
a  field  where  I  can  type  in  a  name,  I 
should  only  have  alpha  characters 
there,”  explains  Unisys’  Pironti,  who 
uses  an  application-level  IPS  from 
F5  Networks  called  TrafficShield. 

“There  really  should  be  no  num¬ 
bers  there.  So  TrafficShield  will 
stop  the  numbers  before  they  pass 
through  to  the  Web  site,  preventing 
a  lot  of  the  buffer  overflow 
attacks.  It  creates  a  shield  around 
the  environment  at  the  applica¬ 
tion  level.” 

Better  rights  management 

Another  way  organizations 
are  looking  to  shore  up  the  net¬ 
work  from  the  application  side 
is  better  identity  management. 

Larry  Jarvis,  vice  president  of  I 
network  engineering  at  Fi 
delity  Investments,  says  his 
company  has  implemented  a 
multi-pronged  defensive  ap¬ 
proach  similar  to  Rockford’s 
and  Unisys’, but  that  it  is  find¬ 
ing  the  resulting  complexity 
tough  to  manage. 

“Today  we  ensure  network 
security  through  brute  force 
—  through  segmentation 
and  walling  off  microcosms 
of  the  overall  infrastructure 
with  firewalls  and  so  on,”  he 
says.  “But  that  doesn’t  scale 
well,  and  it’s  very  complex  to 
support  and  manage.” 


As  more  attacks  penetrate  perimeter  defenses,  these  six 
steps  can  help  ensure  your  organization's  network  and 
applications  remain  secure. 


X 
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1. 


Recognize  the  limits  of  the  perimeter.  Although  perimeter 
security  technologies  such  as  firewalls  and  intrusion-detection 
systems  (IDS)  are  important,  they  are  just  one  part  of  an  overall 
security  solution.  As  more  organizations  look  to  open  up  their  net¬ 
works  to  business  partners  and  customers,  the  perimeter 
becomes  more  porous  and  application-level  security  needs  to  play 
a  greater  role. 

2a  Build  internal  moats.  Smart  organizations  identify  their  most 
critical  and  vulnerable  resources  and  then  deploy  perimeter-like 
security  devices,  such  as  firewalls  and  IDSs,  around  them. This 
provides  an  added  layer  of  defense  and  ensures  that  in  the  event  of 
a  perimeter  breach,  critical  assets  still  are  protected. 


3. 


Protect  against  attacks  from  within.  Realize  that  your  internal 
network  is  no  longer  a  trusted  zone  and  act  accordingly. 
Technologies  such  as  Zone  Alarm's  Integrity,  which  checks  PCs  to 
ensure  they  have  the  proper  virus  signatures  and  patch  levels  in 
place  before  providing  access  to  the  network,  help  ensure  internal 
vulnerabilities  are  mitigated. 


4. 


Deploy  application-specific  security  wares.  Firewall  vendors, 
including  Check  Point,  F5  andTop  Layer  are  rolling  out  intrusion- 
prevention  systems  that  sit  between  perimeter  defenses  and  inter¬ 
nal  servers.These  devices  perform  application-specific  deep  pack¬ 
et  inspection  on  traffic  that  the  perimeter  firewall  lets  through. 

They  are  especially  effective  at  stopping  application-specific 
attacks  such  as  domain-level  attacks  that  focus  on  DNS  vulnera¬ 
bilities  or  Web  attacks  that  exploit  known  HTTP  and  FTP  holes. 


5. 


Improve  identity  management.  If  you  can’t  get  to  a  service, 
you  can’t  compromise  it.  New  technologies,  such  asTNT’s  Identity, 
look  to  ease  internal  and  external  identity  management  by  integrat¬ 
ing  with  directory  services,  such  as  Microsoft's  Active  Directory, 
and  checking  identity  at  the  packet  level.  Ensuring  that  only  author¬ 
ized  users  and  applications  are  granted  access  goes  a  long  way 
toward  shoring  up  application  security. 

6.  Integrate  security  into  application  development.  If  applications 
have  no  security  holes,  they  can't  be  breached,  no  matter  how 
insidious  the  attack.  Vulnerability  scanners  from  Spiware  and 
Sanctum  can  help  ensure  that  applications  are  hole-free  before 
deployment.  Also  examine  shrink-wrapped  products  for  proper  cod¬ 
ing  practices. 


“EVEN  IF  WE  RE  DOING 
THE  RIGHT  THINGS, 

WE’RE  NOT  SURE  OUR 
PARTNERS  ARE.” 

John  Pironti,  enterprise  solutions  architect  and  security  consultant,  Unisys 


A  better  idea  is  to  implement  strict  net¬ 
work  rights  and  identity  management,  he 
says.  “If  you  control  where  all  of  your 
users  —  both  internal  and  external  — 
can  go,  or  how  your  servers  can  commu¬ 
nicate,  then  you  can  restrict  how  the  mal¬ 
ware,  spyware  and  viruses  are  spread 
through  that  infrastructure.” 

Jarvis  says  he’s  intrigued  by  concepts 
like  new  technology  from  Trusted  Net¬ 
work  Technologies  (TNT). That  technol¬ 
ogy,  called  Identity,  integrates  with  direc¬ 
tory  services  such  as  Microsoft’s  Active 
Directory  and  brings  authentication 
and  rights  management  down  to  the 
packet  level. 

According  to  TNT,  Identity  examines 
packets,  validates  digital  signatures  and 
applies  security  policies,  and  discards 
packets  without  Identity  data  or  that  fail 
policy  Users  without  the  proper  rights  are 
not  even  aware  that  the  services  exist  on 
the  network. 

The  technology  is  appealing  because  it 
combines  network  and  application  secu¬ 
rity  at  the  TCP/IP  level,  making  it  man¬ 
ageable  across  different  environments, 
including  Windows,  Unix  and  Linux.  “I 
can  put  one  of  their  gateways  in  front  of 
my  data  center  and  you  won’t  be  able  to 
get  there  or  even  see  that  it’s  there  unless 
you’re  truly  authorized,”  Jarvis  says. 

The  downside,  he  says,  is  that  it’s  appli¬ 
ance-based  and  doesn’t  scale  well.  He 
advocates  some  kind  of  software-based 
middleware  that  would  provide  TNT-like 
authentication  between  servers  in  the 
data  center. 

“Right  now,  you  have  that  big  gooey 
middle  in  the  data  center  where  every¬ 
thing  can  talk  to  everything, ”  Jarvis  says.“If 
1  can  break  that  into,  say  1,000  logical 
domains  of  tmst,  I’ve  cut  my  security  vul¬ 
nerability  down.  If  one  of  those  logical 
domains  gets  infected,  it  can’t  infect  any¬ 
one  who  doesn’t  have  the  same  rights.” 

He  says  it’s  like  the  TNT  concept  at  the 
switch  level.“If  I  were  to  take  the  TNT  con¬ 
cept  and  then  apply  that  to  every  switch 
port  on  my  network,  I’m  there,”  he  says. 
“But  it  just  doesn’t  exist  today’ 

TNT  says  it  is  working  on  developing 
Identity  for  other  platforms,  beyond  its 
current  appliance.  The  next  iteration 
most  likely  will  take  the  form  of  a  blade, 
company  officials  say  which  should  help 
mitigate  administration  and  manage¬ 
ment  headaches. 

Good  code  hygiene 

But  adding  more  security  devices  and 


identity  management  to  the  network  only 
addresses  one  side  of  the  problem.  To 
truly  secure  your  network,  you  not  only 
need  to  block  malicious  traffic  and  en¬ 
sure  proper  authentication, you  also  need 
to  ensure  applications  aren’t  vulnerable. 

John  Pescatore,  a  vice  president  and 
research  fellow  at  Gartner,  says  leading- 
edge  companies  are  focusing  on  security 
during  application  development. 

“We’ve  started  to  see  clients  integrate 
security  testing  into  their  software  devel¬ 
opment  environment,”  he  says.  Organiza¬ 
tions  are  using  vulnerability  scanning 
tools  from  companies  such  as  Sanctum 
and  SpiDynamics  to  test  programs  as 
they  are  being  built.  “The  software  devel¬ 
opers  essentially  push  this  button  that 
says  test  the  code  for  security  and  it  gets 
done  upfront.” 

Overall,  that  approach  is  the  most  cost- 
efficient,  Pescatore  says.  “They’re  finding 
that  it’s  a  lot  cheaper  to  fix  a  security  flaw 
during  coding  than  it  is  after  it  gets 
attacked  by  a  hacker” 

But  what  about  shrink-wrapped  prod¬ 
ucts?  Rockford’s  Granneman  says  it’s  a 
constant  battle  to  ensure  the  applications 
he  purchases  don’t  have  blatant  security 
problems.  “There  is  a  serious  lack  of  un¬ 
derstanding  by  software  vendors  about 
security  he  says.  It’s  not  just  companies 
like  Microsoft  battling  holes  at  the  oper¬ 
ating  system  level.  “It’s  application  ven¬ 
dors  in  their  own  programming.” 

For  example,  he  recently  purchased  a 
Web  services  application  to  let  doctors 
digitally  sign  dictation  while  working 
from  home  via  the  Internet.  But  when  he 
went  to  implement  it,  he  saw  the  vendor 
had  included  a  “save-as”  button. 

“That’s  not  compliant  with  [the  Health 
Insurance  Portability  and  Accountability 
Act]  because  H1PAA  says  I  have  to  main¬ 
tain  control  over  who  has  access  to  that 
data  at  all  times,”  Granneman  says.  “But 
once  it’s  downloaded  to  a  home  PC,  I’ve 
lost  control.” 

When  he  pointed  out  the  problem  to 
the  vendor,  they  argued  to  leave  it  in.  “It 
was  incredible,”  Granneman  says.“l  trust 


the  doctor,  but  who  else  uses  his  PC? 
Plus,  if  he  saves  it  to  the  PC  and  then  it 
somehow  gets  infected  with  a  piece  of 
spyware  that  goes  through  the  machine 
and  starts  e-mailing  out  personal  med¬ 
ical  documents.  Well,  that’s  a  problem.” 

For  most  Web  applications  Granneman 
runs  security  scanning  software  to  check 
them  for  vulnerabilities.  “We  use  a  tool 
that  goes  through  all  the  links,  reads  them 
all  out  and  especially  looks  for  [Open 
Database  Connectivity]  connections,”  he 
says.’Tve  found  a  lot  of  vendors  will  hard- 
code  their  ODBC  user  name  and  pass¬ 
word  into  their  code,  and  you  can  see  the 
ODBC  driver  name  and  everything.  So 
when  we  see  that,  we’re  able  to  fix  it 
before  we  put  it  up.” 

He  says  he’s  also  found  such  blatant 
security  problems  as  user  and  password 
lists  in  plain  text  in  the  root  directory  and 
unencrypted  database  tables  of  user 
passwords. 

“In  all  of  these  cases,  we  found  the 
problem  and  brought  it  to  the  vendor’s 
attention,”  he  says,  not  the  other  way 
around. “They  all  claim  to  be  secure,  and 
we  try  to  ask  all  of  these  questions  up 
front,  but  we  still  find  problems.” 

The  upshot 

In  the  end,  most  users  say  the  real  solu¬ 
tion  to  securing  the  network  is  in  build¬ 
ing  and  maintaining  proper  network 
architectures  and  security  policies  —  not 
in  implementing  more  technologies. 

“A  lot  of  what  we  see  today  is  pretty 
reactive  in  nature,  with  people  running 
around  updating  signatures  and  patch¬ 
ing  systems,”  Unisys’  Pironti  says.“But  the 
key  to  getting  secure  is  in  getting  more 
proactive,  and  that  isn’t  really  based  on 
technology  It’s  more  doing  the  policy 
procedure  and  analysis  piece  upfront 
and  then  applying  your  countermea¬ 
sures.  Technology  is  just  the  tool  to  get 
there.” 

Cummings  is  a  freelance  writer  in  North 
Andover,  Mass.  She  can  be  reached  at 
jocummings@comcast.  net. 


APPLICATION 

SECURITY. 

HERE'S  HOW  TO  KNOW  WHEN 

YOU  REALLY  HAVE  IT. 


As  every  aspect  of  business  migrates  to  the  Web, 
back-end  systems  once  sheltered  are  now  exposed. 
Browser-based  applications  pass  through  the  entire  secu¬ 
rity  perimeter,  giving  users  unprecedented  access.  Little 
wonder  that  the  majority  of  attacks  today  target  the 
application  directly. 

What  can  you  do?  How  will  you  know  the  right  solu¬ 
tion  when  you  see  it? 

When  it  can  recognize  two  common  hacker  techniques 
that  pass  straight  through  most  security  solutions.  In  the 

first  case,  hackers  enter  as  one  user,  then  tamper  with  the 
Web  page  to  change  their  identity  or  escalate  privileges. 
In  the  second,  they  change  or  bookmark  the  URL  of  a 
Web  application  to  enter  restricted  areas.  Because  both 
involve  properly  formatted,  valid  looking  requests,  they 
can  only  be  blocked  by  a  solution  which  understands  the 
application  context  in  which  the  requests  are  made. 

When  it  knows  exactly  what  your  application's  traffic 
should  look  like,  and  blocks  everything  else.  The  ideal 
protection  would  be  based  on  the  application's  specific 
logic,  not  generic  traffic  patterns.  It  would  have  a  compre¬ 
hensive  understanding  of  how  the  user  interacts  with  the 
application,  and  deny  all  requests  not  known  to  be  legal. 


When  the  solution  doesn't  rely  on  attack  signatures 
or  other  patterns  of  abnormal  user  behavior. 

Incorporating  Intrusion  Prevention  Systems  (IPS)  into  tra¬ 
ditional  firewalls  still  leaves  systems  exposed  to  threats 
cloaked  as  normal  traffic.  Worse,  it  leaves  them  blind  to 
dangerous  targeted  attacks  from  legitimate  users  who 
tamper  with  inputs  to  gain  access  to  restricted  information. 

When  it  understands  the  application.  The  solution  must 
operate  at  the  application  layer,  not  the  network  layer. 

It  must  be  able  to  look  at  entire  requests-not  just  at 
packets  on  the  wire-to  tell  a  good  request  from  a  bad 
one.  That  leaves  out  network  security  products  such  as 
firewalls  and  IPS. 

* 

Traff icShield™  from  F5  is  an  Application  Firewall 
that  meets  these  standards  and  more.  There  is  no  solu¬ 
tion  on  the  market  that  solves  the  problem  as  com¬ 
pletely,  as  flexibly,  or  as  intelligently.  For  a  detailed 
analysis  of  what  you  need  to  provide  true  applica¬ 
tion  security,  visit  www.f5.com/pstnww  for  our  white 
paper,  "Application  Firewalls." 
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HP  exec  targets  security  priorities 


Tony  Redmond,  vice  presi¬ 
dent  and  CTO  at  HP  Services 
and  HP  Security  Program 
Office,  is  in  charge  of  setting 
security  strategy  for  the  com¬ 
pany's  products  and  services. 
In  an  interview  with  Network 
World  Senior  Editor  Ellen 
Messmer,  Redmond  explains 
HP’s  priorities,  including  a 
new  service  called  Active 
Countermeasures,  now  in  beta. 

What  does  HP  mean  by  trustworthy  systems? 

There’s  been  a  general  aspiration  toward  trustwor¬ 
thy  systems  for  a  long  time.  However,  the  fact  is  today’s 
architectures  that  we  have  for  PCs  and  servers  in  par¬ 


ticular  are  fundamentally  untrustworthy  because  in 
many  respects  the  basic  principles  of  those  systems 
were  laid  down  in  1981  when  IBM  designed  the  origi¬ 
nal  PC.  HP  believes  one  of  the  best  ways  to  drive 
things  forward  is  by  helping  people  in  a  collaborative 
manner  set  standards  we  can  all  build  toward.  So 
we’ve  got  a  huge  investment  in  the  Trusted  Com¬ 
puting  Group  (TCG)  where  we’re  working  with  other 
industry  heavyweights  such  as  IBM,  Intel,  Microsoft 
and  AMD  to  figure  out  what  the  next  iteration  of  sys¬ 
tems  is  going  to  be. 

In  terms  of  TCG's  chip-based  security  trusted  platform 
module  (TPM),  what  commitment  has  HP  made  in  its  lines  of 
computer  and  other  devices  to  include  TPM-based  security? 

We’re  already  shipping  product  with  TPMs  [trusted 
platform  module]  integrated  into  the  nc6000  and 
nc8000  as  optional  chips.  Most  customers  don’t  buy 
them  today  You  need  an  infrastructure  to  be  able  to 


leverage  the  chips  there.You  need  the  operating  sys¬ 
tems  and  applications  to  leverage  off  them. The  real 
change  to  trustworthy  systems  isn’t  going  to  happen 
today  or  tomorrow.  It’ll  happen  when  we  have  operat¬ 
ing  systems  such  as  Microsoft  Longhorn  and  an 
updated  version  of  Linux  and  an  updated  version  of 
Unix  that  can  exploit  the  fact  that  we  have  got  trusted 
modules  integrated  into  the  platforms.  We  have  new 
platforms  such  as  Intel’s  La  Grande  platform  available 
to  us.Today  we’re  taking  the  first  steps.  We’re  taking 
standard  PC  equipment  that  we  already  have  and 
integrating  TPMs  into  those  boxes  for  customers.  But 
if  you’re  talking  about  a  general  rollout,  1  believe  that’s 
only  going  to  happen  from  2006  onward. 

Who’s  supposed  to  be  in  charge  of  an  updated  version  of 
Linux  for  TPM?  And  the  Unix  versions  for  TPM? 

HP  will  make  it  available  through  our  Unix,  HP-UX. 

See  HP,  page  22 


Cast  Iron  device  gets  security,  file  handling  boost 


■  BY  JOHN  FONTANA 

Cast  Iron  Systems  last  week  unveiled  an 
updated  version  of  its  application  integra- 


■  After  it  unveiled  technology  to  choke 
the  spread  of  viruses  in  March,  HP  is 
now  shelving  the  Virus  Throttler  pro¬ 
ject,  citing  conflicts  with  Microsoft's 
Windows  operating  system,  the  compa¬ 
ny  says.  Virus  Throttler  was  designed  to 
alleviate  the  network  congestion  that 
often  accompanies  virus  outbreaks,  as 
one  or  more  infected  machines  flood  a 
network  with  traffic  while  searching  for 
other  vulnerable  hosts.  The  technology 
notices  changes  in  host  machine  be¬ 
havior  that  indicates  a  virus  infection 
and  chokes  attacks  by  limiting  the  fre¬ 
quency  of  outbound  communications 
from  the  host  machine  to  “throttle" 
communications  with  other  hosts.  Virus 
Throttler  worked  well  in  HP  labs  with 
products  using  HP-UX  and  Linux,  but  it 


tion  appliance  designed  to  provide  sim¬ 
plified  data-integration  capabilities  for 
corporate  projects  in  which  a  full-blown 
enterprise  application  integration  system 


required  changes  to  the  way  those  oper¬ 
ating  systems  run  that  HP  couldn't 
duplicate  on  Windows  systems.  HP  says 
it  might  use  some  of  what  it  has  devel¬ 
oped  in  future  products. 

■  MailFrontier  last  week  released  an 
appliance  designed  to  secure  e-mail 
against  malicious  activity.  The  Mail- 
Frontier  Appliance  is  run  on  an  internal 
network  and  is  designed  to  provide 
users  with  an  option  for  deploying  Mail- 
Frontier's  e-mail  security  technology.  The 
appliance  helps  block  spam,  viruses, 
phishing  and  infrastructure  attacks.  It 
also  has  a  customizable  policy  engine  to 
make  e-mail  conform  to  company  policy. 
The  appliance  comes  in  two  models:  the 
M500,  which  will  handle  up  to  54,000 
messages  per  hour;  and  the  M1000, 
which  can  handle  up  to  100,000  mes¬ 
sages  per  hour.  Pricing  starts  at  $35,000 
for  1,000  users. 


would  be  overkill. 

Cast  Iron  is  making  data  integration  more 
secure  not  only  for  transferring  data  but 
also  for  building  integration  projects  be¬ 
tween  data  repositories.  The  Application 
Router  1000  appliance  supports  data  files 
up  to  50M  bytes  in  size,  and  has  the  ability 
to  split  large  files  into  smaller  pieces  to  sim¬ 
plify  workflow. 

Companies  use  a  set  of  design  tools  to 
map  connections  between  applications 
and  then  deploy  the  rack-mounted 
Application  Router  1000  in  a  data  center. 
The  appliance  handles  protocol  and  data 
format  conversion  using  XML  and  C++  to 
optimize  performance,  workflow  and  light¬ 
weight  routing.  The  router  also  includes  a 
management  console  to  monitor  transac¬ 
tions,  guaranteed  delivery  of  messages  and 
failure  notifications. 

“It  is  interesting  that  Cast  Iron  is  not  bas¬ 
ing  this  product  on  replacing  any  existing 
middleware,”  says  Mike  Gilpin,  an  analyst 
with  Forrester  Research.  “The  issue  is  how 
easily  you  can  get  this  installed  and  how 
rapidly  you  can  get  up  and  working.” 

Gilpin  says  those  factors  will  appeal  to 
users  such  as  auto  dealerships  and  retail 
outlets  that  want  to  integrate  data  from 
remote  sites  into  their  core  networks  and 
deploy  remote  infrastructure  that  doesn’t 
take  an  administrator  to  set  up. 


He  says  security  is  another  major  factor 
and  that  Cast  Iron  has  added  support  for 
Secure  FTP  which  secures  files  on  the 
router  and  encrypts  files  on  the  wire.  Cast 
Iron  also  has  added  support  for  secure 
HTTP  to  secure  access  to  its  router  via  the 
system’s  Web  Management  Console. 

The  router  also  features  new  role-man¬ 
agement  functions  that  add  password  pro¬ 
tection  and  encryption  for  integration  pro¬ 
jects  being  developed  for  use  on  the  router. 

All  the  new  features  are  a  prelude  to 
Version  3.0  of  Application  Router  1000, 
which  will  push  integration  features 
beyond  point-to-point  connections. 

“In  3.0  we  go  from  being  a  single  box  to 
multiple  boxes  in  infrastructure  that  route 
and  visualize  transactions  on  the  network," 
says  Fred  Meyer,  CEO  of  Cast  Iron. 

The  appliance  runs  on  an  enhanced  ver¬ 
sion  of  Linux  and  has  two  10/100/ 
lOOOBase-T  data  ports  and  one  10/100/ 
lOOOBase-T  management  port.  The  device 
supports  custom  integration  but  ships  with 
support  for  ERP  .systems,  including  SAP 
and  PeopleSoft.  It  also  supports  SQL, 
Structured  Text,  XML  documents  and  Multi¬ 
purpose  Internet  Mail  Extensions,  and 
includes  preconfigured  templates  for  elec¬ 
tronic  data  interchange. 

The  router  costs  between  $30,000  and 
$100,000,  depending  on  configuration.* 
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The  U.S.  Court  of  Appeals  for  the  9th 
Circuit  has  spoken  in  the  matter  of 
the  recording  industry  vs.Grokster  et 
al.The  court  upheld  a  lower  court  ruling 
that  distributors  of  peer-to-peer  file-shar¬ 
ing  software  are  not  liable  for  copyright 
infringement. 

This  decision  was  well  reasoned  and,  if 
the  legal  precedents  were  to  be  followed, 
inevitable.  But  it  will  likely  result  in  a  far 
more  draconian  pro-copyright  legal  envi¬ 
ronment  in  the  U.S.,  an  environment  that 
could  seriously  threaten  technological 
innovation. 

Last  year  I  wrote  about  the  lower  court 
decision  in  this  case  and  explained  the 
courts  logic  in  rejecting  the  charge  of 
copyright  infringement  (www.nwfusion. 
com,  DocFinder:  3631).  The  court  of 
appeals  supported  the  lower  court’s  logic 
and  observed  the  “introduction  of  new 


Gan  anyone  down  there  spell  consumer? 


technology  is  always  disruptive  of  old 
markets,  and  particularly  to  those  copy¬ 
right  owners  whose  works  are  sold 
through  well-established  distribution 
mechanisms”  (see  DocFinder:  3632). 

The  court  of  appeals  noted  that  the 
Supreme  Court  said  it  was  Congress’job  to 
say  how  copyright  law  should  apply  to 
new  technologies  and  that  the  courts 
should  not  try  to  do  this  themselves.  But 
that  is  just  what  is  about  to  happen. 

A  few  weeks  ago  1  wrote  about  yet 
another  nightmarishly  one-sided  pro¬ 
copyright  owner  bill  introduced  by  Sen. 
Orrin  Hatch  (R-Utah)  (DocFinder:  3633). 
As  it  turned  out,  the  bill  introduced  was  at 
least  as  bad  as  the  version  that  was 
leaked.  Hatch,  after  getting  a  lot  of  pres¬ 
sure  from  more  sensible  folks,  did  agree  to 
hold  a  hearing  on  the  bill.The  senator  and 
other  members  of  the  Senate  Judiciary 
Committee  got  an  earful  at  the  hearing 
from  representatives  of  technology  and 
consumer  electronics  companies  who 
expressed  worries  that  this  would  be  an 
innovation-killing  law.  They  also  heard 
from  Marybeth  Peters,  the  U.S.  Register  of 


Copyrights,  who  thought  the  proposal  was 
just  marvy  (DocFinder:  3634). 

I  doubt  anyone  would  confuse  Peters 
with  someone  with  an  open  mind  on  the 
subject  of  copyright.  She  comes  down 
totally  on  the  side  of  copyright  holders 
and  ignores  any  possible  rights  of  individ¬ 
ual  consumers.  Actually,  I’m  wrong:  She 
did  mention  consumers  once  in  her  pre¬ 
sentation  to  the  committee.  She  said 
strong  copyright  regulation,  like  the  rules 
used  to  charge  the  Girl  Scouts  with  copy¬ 
right  infringement  for  singing  songs 
around  campfires,  are  “for  the  ultimate 
benefit  of  consumers.” 

As  a  further  indication  of  her  concern 
for  consumers,  her  statement  to  the  com¬ 
mittee  also  suggested  that  the  Supreme 
Court  decision  back  in  the  1980s  that  per¬ 
mitted  VCRs  to  be  sold  in  the  U.S.  should 
be  overturned  for  being  too  nice  to  man¬ 
ufacturers  (no  mention  of  consumers). 

There  is  no  evidence  that  Hatch 
remotely  cares  about  anyone  in  this  fight 
other  than  copyright  owners.  He  wants  to 
push  ahead  with  his  bill,  but,  maybe  to 
mollify  his  critics,  wants  to  have  some¬ 


one  else  take  a  few  weeks  to  make  sure 
the  bill  is  fair  and  addresses  any  “legiti¬ 
mate  concerns."  So  in  keeping  with  his 
history,  he  assigned  this  task  to  the  very 
same  Marybeth  Peters  (see  DocFinder: 
3635). 

A  fair  hearing  is  not  what  I  expect  from 
someone  who  clearly  feels  there  are  no 
“legitimate  concerns”  about  the  bill.  On 
the  other  hand,  the  Congressional  Budget 
Office  recently  published  a  very  balanced 
examination  of  the  trade-offs  in  this  area. 
(DocFinder:  3636).  Hatch  was  quoted  as 
saying  to  his  critics:“lf  you  help  us,  we  just 
might  get  it  right.  If  you  don’t,  we’re  going 
to  do  it.”  Translation:  Doing  something  is 
more  important  than  doing  something 
right.  A  fine  example  of  the  government 
we  seem  to  deserve. 

Disclaimer:  Harvard  more  often  does 
nothing  and  gets  it  right  than  it  does 
something  and  gets  it  wrong,  but  the 
above  rant  is  mine  alone. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sob.com 
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1  believe  IBM  will  make  it  available 
through  their  Unix.  In  terms  of  Linux,  HP 
has  a  big  interest  because  we  have  a 
huge  business  in  terms  of  shipping 
Linux  servers.  And  we  have  a  Linux  busi¬ 
ness  unit  that  builds  software  for  those 
systems.  But  we  haven’t  figured  out 
those  details  yet.  But  one  thing  is  clear, 
HP  and  [TCG]  have  been  in  consider¬ 
able  dialogue  with  governments  to 
make  it  veiy  clear  to  them  we’re  not 
building  in  a  dependency  on  a  single 
operating  system  for  trusted  systems.  We 
want  this  to  be  heterogeneous. 

What  is  HP  doing  in  identity  management? 

You  can  have  the  most  trustworthy  sys¬ 
tems  you  like,  but  if  you  have  weak  pass¬ 
words  and  too  many  accounts,  and  peo¬ 
ple  swap  passwords,  then  they  fail. The 
problem  is  caused  fundamentally  by  the 
fact  that  every  system  that  seems  to  be 
deployed  is  insisting  on  its  own  creden¬ 
tials.  Our  view  is  that  this  situation  only 
can  be  solved  by  the  advent  of  true  fed¬ 
erated  identity  management.  And  that’s 

5  what  we’re  aiming  for.  Now  true  federat¬ 
ed  identity  management,  again,  is  a  long¬ 
term  play  So  we  have  to  take  some  ini¬ 
tial  steps  to  get  there.  And  our  initial 
steps  are  in  two  particular  areas;  within 
the  Open  View  business,  to  build  an 
identity  management  suite  of  products, 
and  you’ve  seen  us  go  to  market  and 
acquire  Select  Access  and  TruLogica, 


which  is  now  named  Select  Identity.  For 
the  past  year  or  so,  integrating  them  into 
Open  View  to  provide  major  value  to  cus¬ 
tomers  that  want  an  identity-manage¬ 
ment  solution.  Select  Access  and  Select 
Identity  provide  provisioning  and  grant 
privileges  as  they  move  between  differ¬ 
ent  jobs  according  to  security  policy 

What  standards  are  important  here? 

The  Liberty  Alliance  is  a  very  impor¬ 
tant  consortium  that’s  trying  to  drive 
standards  in  the  identity-management 
space  and  is  having  some  success 
around  protocols  such  as  Security 
Assertion  Markup  Language. We’re  also 
conscious  Microsoft  has  an  effort  in  this 
space  they  announced  recently  called 
Web  Services  Federation.  So  we’re  work¬ 
ing  closely  with  Microsoft  to  make  sure 
the  two  potential  standards  efforts  don’t 
get  out  of  sync.  In  our  view,  the  long-term 
win  for  the  industry  would  be  to  have 
one  standard.  I’m  optimistic  that  we  will 
get  to  that  stage  slowly  but  surely,  where 
we  can  have  the  ability  to  let  users  go  to 
a  single  point  of  authority  gain  some  net¬ 
work  credentials  from  that  authority  and 
then  be  able  to  use  those  credentials  to 
go  from  one  system  to  another  without 
being  forced  to  constantly  re-authenti- 
cate  themselves. 

What  about  proactive  security  management? 
It's  an  idea,  but  how  is  that  specifically  put 
forth  as  products  or  services? 

The  problem  we  see  today  is  the  rate 
of  attacks  is  growing  on  an  exponential 
curve,  and  those  attacks  are  being  per¬ 
formed  at  a  computational  speed.  For 


example,  a  few  years  ago  we  worried 
about  floppy  disks  because  that  was  the 
way  things  spread. Then  we  got  worried 
about  e-mail  viruses.  Now  we  get  wor¬ 
ried  about  the  likes  of  Slammer  and 
Blaster,  which  can  reach  out  and  con¬ 
nect  to  a  thousand  systems  in  a  second. 
That  kind  of  rate  of  increase  of  potential 
infection  is  too  difficult  and  hard  for 
human  beings  to  cope  with.  So  the  re¬ 
searchers  in  the  labs  felt  the  only  thing 
they  could  do  was  to  move  from  a  reac¬ 
tive  to  a  proactive  stance  to  make  the 
computers,  the  infrastructure,  do  more  to 
protect  itself. The  lab  researchers  started 
working  on  this  technology  around  the 
middle  of  2002.  We  have  something 
called  Active  Countermeasures  that’s 
been  in  production  at  HP  for  roughly 
two  years, although  it’s  still  in  its  early 
stages.  We  use  it  to  protect  a  network 
running  in  176  countries  that  supports 
an  average  of  250,000  network  devices 
on  a  daily  basis. 

What  exactly  is  Active  Countermeasures? 

The  thought  behind  it  is  very  simple.  A 
worm  or  a  virus  exploits  a  vulnerability 
to  infect  a  system.  If  we  can  decompose 
that  vulnerability  to  understand  it  and 
then  go  and  interrogate  a  system  to  vali¬ 
date  whether  it’s  open  to  that  vulnerabil¬ 
ity  we  can  then  detect  where  the  vulner¬ 
able  systems  are  in  the  network.  And 
then  go  and  deposit  a  remediation  pack¬ 
age  on  that  system,  which  is  similar  to 
what  a  worm  does  because  a  worm 
interrogates  a  system  to  see  if  it’s  vulner¬ 
able,  and  if  it  is  it  then  deposits  a  malig¬ 
nant  payload.  Now  the  remediation 


package  we  deposit  is  not  malignant. 

It’s  there  to  close  off  the  vulnerability 
And  it  could  be  as  simple  as  just  flag¬ 
ging  the  system  administration  to  say 
you  have  to  go  do  something,  such  as 
turn  off  this  port.  Or  it  could  be  some¬ 
thing  as  fundamental  as  ‘We’ve  detected 
your  system  is  fundamentally  unsecure, 
and  we  are  closing  it  down  now’  And 
then  go  and  perhaps  update  the  start-up 
menu  for  this  system  to  say  before  you 
start  this  system  again  you  have  to  apply 
these  patches  before  applying  to  get  on 
the  network.  We’re  doing  this  today  and 
it's  helped  us  resist  every  outbreak  of 
worms  and  viruses  since  2002. 

Does  this  involve  an  agent  running  on  your 
devices? 

No,  it’s  not  an  agent.  We  have  a  set  of 
Linux  systems  that  are  dotted  around 
our  network,  constantly  scanning  sys¬ 
tems  by  their  IP  addresses  for  vulnera¬ 
bilities.  The  HP  network  spans  two  Class 
A  network  addresses,  so  we  know  that 
this  technology  is  very  scalable  and  it 
works.  Every  system  on  the  HP  network 
gets  probed  twice  a  day. 

Are  any  customers  using  it  today? 

I  can’t  give  you  names,  but  I  can  tell 
you  one  is  a  very  large  European  bank 
and  the  other  is  a  very  large  federal  U.S. 
agency,  and  others  are  also  ready  to 
kick  in.  With  these  customers  we’re  fig¬ 
uring  out  how  to  take  technology  that’s 
been  molded  to  doing  things  the  way 
we  do  at  HRand  bring  it  into  customer 
networks  so  we  understand  how  to 
make  it  more  generally  available.  ■ 
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At  an  EMC  Forum,  see  how  today’s  storage  and  information  management 


STRATEGIES  CAN  HELP  YOU  SOLVE  YOUR  BIGGEST  IT  CHALLENGES.  You’ll  be  on  the 


fast  track  to  discovering  how  information  lifecycle  management  helps  you  maximize  the  £ 
value  of  information,  at  the  lowest  total  cost  of  ownership,  at  every  point  in  its  lifecycle.  J 


In-depth  presentations,  EMC  and  industry  experts,  best-practice  reviews,  and  breakout  and  J 
Q&A  sessions  give  you  insights  on  how  to: 


Simplify  Exchange  &  Oracle  migrations 
Align  data  value  to  business  needs 
Simplify  storage  management 
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Gain  measurable  TCO  savings 
Meet  compliance  regulations 
And  much  more 

■ 
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See  up-to-date  seminar  details,  agendas,  and  more  on  our  registration  site.  .  ■ 

Register  now  at  www.EMC.com/forumseries. 

■Mm.&x-'- -  -  ■■  ••*&**■ 


Toronto,  Ontario,  Canada 

September  8 

Los  Angeles,  September  15 

Boston,  September  21 

Minneapolis,  October  5 

Sao  Paulo,  Brazil 

October  5 

Attendance  is  FREE,  but 
seats  are  limited.  Register  now. 
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To:  starting  to  do  it  tomorrow 
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Manual  to  Automated  in  Under  an  Hour 


New  Sitekeepef  3.1  is  the  budget-friendly,  easy-to-use 
solution  to  automating  your  systems  management 

How  do  you  know  if  you  need  Sitekeeper?  If  you’re  not  100%  certain  that  all 
your  software  is  properly  licensed...  if  news  of  a  security  patch  means 
changing  your  plans  for  the  weekend...  if  you  inventory  your  hardware  and 
software  with  a  spreadsheet  or  a  clipboard...  if  your  current  systems 
management  solution  is  overpriced,  complicated  bloat-ware  that  never  seems 
to  work  correctly...  you  need  Sitekeeper! 

With  Sitekeeper,  you  can  keep  your  site  safe,  legal  and  secure,  avoid  legal 
action  and  over-buying,  and  never  worry  about  missing  a  single  security 
patch— all  with  point-and-click  ease.  No  special  training  or  dedicated  server 
required — with  Sitekeeper  you  can  start  managing  within  minutes  of 
installation.  Get  Sitekeeper  now! 

Sitekeeper  point  and  click  features: 

•  Automate  your  systems  management  in  under  an  hour 

•  Perform  fast,  accurate  hardware  and  software  inventories 

•  Generate  quick,  comprehensive  license  compliance  reports 

•Zero  in  on  machines  that  are  missing  specified  patches,  updates  and 

service  packs 

•  Remotely  install  software,  patches  and  updates  on  any  or  all  machines  on 

your  network 


“I  use  Sitekeeper  to  push  out  security  updates  and 
keep  track  of  what  is  on  each  and  every  system. 
Time  is  a  luxury  I  don’t  have  and  Sitekeeper 
speeds  things  up  tremendously.” 

—  Matt  Sorrow,  Magnum  Pacific,  Inc. 

Go  from  manual  to  automated 
in  under  an  hour  todav! 


Automated  Systems  Management-Simplified 

For  more  info  and  free  30-day  trialware, 

call  1-800-829-6468  code:  4295,  or  visit 

www.  executive .  com/n  wsk34 


Executive  software 


©2004  Executive  Software  International.  All  Rights  Reserved.  SITEKEEPER,  EXECUTIVE  SOFTWARE  and  the  Executive  Software  logo  are  registered  trademarks  or  trademarks  of  Executive  Software  International,  Inc.  in  the  United  States 
and/or  other  countries.  All  other  trademarks  and  brand  names  are  the  property  of  their  respective  owners  Executive  Software  International.  Inc.  •  7590  N  Glenoaks  Blvd.  Burbank.  CA  91 504  *  800-829-6468  •  www.executive.com 
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Nextel  tests  wireless  broadband  waters 


FLASH-OFDM  lets  users  rely  on  same  technology  at  home  and  work. 


■  BY  DENISE  PAPPALARDO 

Six  months  ago  Nextel  became  the  first 
U.S.  company  to  launch  a  broadband 


■  VoIP  service  provider  Vonage  is 
partnering  with  Cisco's  Linksys  divi¬ 
sion  to  provide  equipment  for  Internet- 
based  telephone  service  customers. 
The  partnership  will  kick  off  with 
Linksys  providing  broadband-to-phone 
adapters  and  wired  routers  that  incor¬ 
porate  that  adapter  technology,  but  it 
soon  will  branch  out  with  Wi-Fi  equip¬ 
ment  and  could  lead  to  wireless  LAN 
phones,  according  to  the  companies. 
Vonage  also  announced  a  deal  with 
Netgear  to  develop  a  voice-enabled 
Wi-Fi  router  followed  by  a  wired  VoIP 
adapter/router.  Those  products  should 
ship  in  time  for  the  holiday  shopping 
season,  possibly  as  early  as  October, 
the  companies  said. 

■  AT&T  last  week  signed  a  three-year, 
$1.6  million  deal  with  KRM  Infor¬ 
mation  Services,  under  which  KRM 
would  buy  toll-free  and  long-distance 
voice  and  dedicated  Internet  access 
services  from  AT&T.  KRM  provides 
virtual  seminar  services  used  for 
training,  marketing  and  events  over 
the  Internet.  KRM  was  already  an 

AT &T  customer  and  decided  to  renew 
its  contract  with  the  carrier.  KRM 
also  uses  AT&T’s  BusinessDirect  por¬ 
tal,  which  will  let  the  company  access 
real-time  network  performance 
reports  and  check  on  orders,  issue 
trouble  tickets  and  manage  its  bills. 

■  Qwest  and  Verizon  last  week 
urged  a  federal  court  to  scrap  tempo¬ 
rary  rules  preventing  RBOCs  from 
increasing  wholesale  rates  they 
charge  competitors  for  at  least  six 
months.  Two  weeks  ago,  the  FCC 
issued  the  rate  freeze,  which  coun¬ 
tered  an  order  by  the  U.S.  Court  of 
Appeals  for  the  District  of  Columbia. 


Stacking  up  wireless  broadband 

Flarion’s  FLASH-OFDM  is  hardly  the  only  broadband  wireless  technology  out  there. 
Here's  how  it  compares. 


Technology 

Speed 

Bands 

Standard 

FLASH-OFDM 

200K  to  1M  bit/sec 

400  MHz  to  3.6  GHz 

No 

Wi-Max,  802.16a* 

Up  to  70M  bit/sec 

3.5  GHz  to  5.8  GHz 

Yes 

EV-DO 

300K  to  2.4M  bit/sec 

800  MHz  to  1.9  GHz 

Yes 

*This  Is  a  fixed  wireless  standard.  There  is  a  mobile  Wi-Max  standard  In  the  works 


wireless  service  trial  based  on  Flarion’s 
Fast  Low-latency  Access  with  Seamless 
Handoff-Orthogonal  Frequency  Division 
Multiplexing  technology.  Since  then,  the 
carrier  has  expanded  the  geographic 
reach  of  its  Nextel  Broadband  service  and 
attracted  paying  customers. 

Flarion’s  Fast  FLASH-OFDM  is  one  of  a 
handful  of  wireless  broadband  technolo¬ 
gies  being  touted  today  (see  graphic). 
While  Nextel  is  testing  the  waters  with  this 
proprietary  technology  that  promises  high 
speeds  and  low  latency  even  when  an 
end  user  is  on  a  train  or  in  a  car,  competi¬ 
tors  Sprint  and  Verizon  Wireless  are  focus¬ 
ing  on  Evolution-Data  Optimization  (EV- 
DO)  services. 

FLASH-OFDM  is  an  inverse  multiplexing 
technology  that  divides  a  high-speed 
channel  into  parallel  low-speed  channels 


■  BY  DENISE  PAPPALARDO 

WilTel  Communications  announced  last 
week  that  it’s  teaming  with  VeriSign  to 
offer  users  managed  firewall  and  intru¬ 
sion-detection  services. 

The  effort  is  part  of  an  ongoing  expan¬ 
sion  of  enterprise  services  from  WilTel, 
which  focused  entirely  on  servicing  other 
carriers  before  May  (see  www.nwfu 
sion.com,  DocFinder:  3639.  Earlier  this 
month,  WilTel  announced  two  managed 
customer  premises  equipment  services 
through  a  partnership  with  outsourcer 
SevenSpace  (DocFinder:  3640). 

The  new  Managed  Security  Services 
packages  include  prepackaged  hard¬ 
ware,  software,  network  configuration 
and  setup  through  VeriSign,  which  also 
will  manage  and  monitor  the  services. 
The  two  security  offerings  initially 
include  managed  firewall  and  managed 
intrusion-detection  services,  which  are 
bundled  with  dedicated  T-l  or  T-3 
Internet  access  from  WilTel. 

The  services  start  at  about  $2,000  per 
month  with  a  one-time  setup  fee  of  about 
$3,000. 

WilTel  is  not  the  first  carrier  to  team  with 


that  do  not  overlap,  says  Craig  Mathias, 
principal  at  consulting  firm  Farpoint 
Group. 

“It’s  more  like  [Code  Division  Multiple 
Access]  spread  spectrum  technology^  he 
says.’Tt  gives  you  similar  process  gains  and 
reliable  signal  strength.” 


VeriSign  to  offer  users  managed  security 
services.  In  April,  MCI  announced  man¬ 
aged  public-key  infrastructure  (PKI)  ser¬ 
vices  that  let  organizations  authenticate 
users  and  networks  for  an  added  level  of 
security. The  companies  also  develop  cus¬ 
tom  security  services  for  MCI  customers 
(DocFinder:3641). 

Michael  Ladem,  program  manager  of 
enterprise  networking  trends  and  oppor¬ 
tunities  at  consulting  firm  Stratecast 
Partners,  says  WilTel  is  on  the  right  track 
with  its  enterprise  service  offerings.  He 
adds  that  it  would  make  sense  for  WilTel 
to  expand  its  relationship  with  VeriSign  to 
offer  PKI  identity  services.  He  says  WilTel 
also  should  consider  rolling  out  managed 
VoIP  services  and  striking  partnerships 
with  public  Wi-Fi  vendors. 

WilTel  delivers  wholesale  VoIP  services, 
but  has  not  announced  any  plans  for  busi¬ 
ness  VoIP  offerings  and  has  not  outlined  a 
Wi-Fi  strategy  ■ 


Security 

Subscribe  to  our  free  newsletter. 
DocFinder.  5434  www.nwfusion.com 


Other  technologies  such  as  EV-DO 
depend  on  code  lengths  to  transmit  data, 
which  under  bad  conditions  can  hurt  reli¬ 
ability  and  increase  latency,  Mathias  says. 

Unlike  one  competing  technology, 
802.16a  (also  called  Wi-Max),  FLASH- 
OFDM  supports  mobile  and  fixed  users  at 
200K  and  up  to  3M  bit/sec,  respectively  The 
IEEE’s  802. 16d  specification  adds  mobile 
support,  but  it  has  not  been  ratified. 

Although  FLASH-OFDM  is  proprietary, 
Flarion  is  working  closely  with  the  IEEE 
on  the  standards  group’s  802.20  Mobile 
Broadband  Wireless  Access  specification. 

But  how  is  FLASH-OFDM  working  in  the 
real  world?  In  February,  Nextel  an¬ 
nounced  its  market  trial  in  Raleigh- 
Durham.N.C.  Cisco,  IBM  and  Nortel,  each 
supplying  equipment  or  outsourcing  ser¬ 
vices,  also  offered  up  their  employees  to 
test  the  service. 

“The  service  has  been  great  in  terms  of 
allowing  users  to  bridge  work  and 
home,”  says  Brian  Dalgetty,  worldwide 
director  of  wireless  marketing  at  IBM  and 
one  of  75  IBM  employees  testing  the  ser¬ 
vice.  Tve  used  it  in  the  office,  at  home 
and  while  traveling  by  car.  The  perfor¬ 
mance  has  been  outstanding  in  any 
mobile  situation.” 

In  April  the  service  provider  expanded 
its  Nextel  Broadband  service  to  paying 
customers  and  also  extended  the  geo¬ 
graphic  reach  of  its  Raleigh-Durham  mar¬ 
ket  to  include  Research  Triangle  Park  and 
Chapel  Hill.  All  in  all,  the  service  is  avail¬ 
able  across  1 ,300  square  miles. 

Fonville  Morisey  a  real  estate  brokerage 
in  the  Research  Triangle  Park  area,  has 
been  testing  the  service.  Employees  are 
using  it  in  the  office,  at  home  and  while 
showing  homes  to  potential  buyers,  says 
Kerry  Noble,  a  broker. 

“Whenever  I’m  showing  a  home  to  a 
See  Nextel,  page  26 


WilTel  and  VeriSign  team 
on  security  services 
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EYE  OK  THE 
CARRIERS 

Johna  Till 
Johnson 


MS  I  can  finally  say  it:  They’re 
■  IK  crooks.  I’m  talking  about  the 
^fel’tl'Kjguys  who  almost  single- 
handedly  managed  to  drive  the  telecom 
industry  into  the  ground  with  their  over¬ 
weening  greed  and  ego.  Guys  like: 

•  Jack  Grubman,  the  research  analyst 
who  shaded  his  telecom  research  to  win 
banking  business  from  companies  he  cov¬ 
ered  (and  get  his  kids  into  a  pricey 
preschool),  who  was  banned  for  life  from 
the  securities  business  and  whose  firm 
paid  $400  million  on  his  behalf  to  settle 
charges  of  fraudulent  stock  analysis. 

•  Scott  Sullivan,  former  CFO  at  MCI,  who 
pleaded  guilty  this  spring  to  “knowingly 
and  consistently”  manipulating  financial 


Good  riddance  to  a  bad  crew 


results,  plunging  his  company  into  bank¬ 
ruptcy  destroying  24,000  jobs,  and  wiping 
out  some  $180  billion  —  yes,  that’s  billion 
with  a  “b”  —  of  shareholder  value.  His 
boss,  Bernie  Ebbers,  is  under  indictment 
for  the  same  crimes,  so  call  him  an 
alleged  crook. 

•  Gary  Winnick,  founder  and  former 
CEO  of  Global  Crossing,  who  has  been 
charged  with  misrepresenting  his  com¬ 
pany’s  finances,  blowing  through  nearly 
$10  billion  in  shareholder  value  and  5,000 
jobs  while  pocketing  more  than  $500  mil¬ 
lion  in  annual  compensation. 

Like  Ebbers,  Winnick  still  is  being  tried 
so  I  can’t  call  him  a  crook.  I’ll  leave  that 
language  to  federal  judge  Gerard  Lynch, 
the  federal  judge  overseeing  a  civil  suit 
against  Winnick  by  the  banks  that  loaned 
him  money.  Lynch  reportedly  said  recent¬ 
ly:  “I’m  prepared  to  look  at  this  case  as  a 
bunch  of  crooks  getting  sued  by  a  bunch 
of  bankers  who  are  too  dumb  to  stop 
throwing  money  down  the  toilet.” 


Couldn’t  have  said  it  better  myself.  In 
fact,  1  couldn’t  have  said  it  at  all,  until 
recently  Earlier  on,  when  many  of  the  ver¬ 
dicts  had  yet  to  be  decided,  my  editors  at 
Network  World  politely  asked  me  to  sub- 

OK,  I  can  finally  say  it 
They're  crooks. 

stitute  the  word  “huckster”  when  I  referred 
to  the  aforementioned  bunch  of  crooks. 
The  editors  pointed  out  that  the  presump¬ 
tion  of  innocence  still  should  apply,  no 
matter  how  disagreeable  the  individuals 
to  which  it’s  applied. 

Fair  enough.  But  now  the  judges  and 
juries  have  (almost)  all  spoken,  and  the 
verdict’s  in: They’re  crooks. 

I  know  we’re  all  ready  to  forget  about  the 
past,  let  bygones  be  bygones  and  start 
focusing  on  the  tech  resurgence.  But 


before  we  put  the  past  completely  behind 
us,  it’s  worth  a  final  postmortem  analysis. 
The  important  point  is  that  a  lot  of 
the  damage  in  the  telecom  sector  was 
self-inflicted. 

Yes,  the  telecom  market  has  undergone 
a  seismic  shift  —  one  that’s  dramatically 
changed  telecom  services  and  compa¬ 
nies.  And  yes,  the  market  economics  has 
changed  distinctly.  But  the  take-away  les¬ 
son  shouldn’t  be  that  telecom  is  a  market 
disaster.  Despite  all  their  failures,  lies  and 
market  manipulations,  the  gang  of  crooks 
actually  got  one  thing  right:  the  vast 
potential  of  communications  technology 
to  change  the  world.  And  that  change  is 
still  going  on  —  even  now  that  Sullivan 
and  the  others  are  facing  their  much- 
deserved  sentences. 

Johnson  is  president  and  chief  research 
Officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Carriers  say  regulation  would  stifle  VoIP 

Panel  members  cite  technical  challenges,  competitive  issues. 


■  BY  TIM  GREENE 

PROVIDENCE,  R.l.  —  Regulators  should 
take  a  hands-off  approach  to  VoIP  services, 
a  panel  of  service  providers  told  state  tele¬ 
com  directors  last  week. 

“We  believe  regulators  must  leave  VoIP 
alone,”  said  Steve  Davis,  senior  vice  presi¬ 
dent  of  government  affairs  for  Qwest,  at  the 
annual  National  Association  of  Tele¬ 
communications  Directors  conference. 

The  technology  is  too  different  from  tra¬ 
ditional  circuit-switched  voice  to  warrant 
the  same  type  of  regulation,  Davis  said.  For 
example,  while  carriers  traditionally  have 
charged  differently  for  local  and  long-dis¬ 
tance  calls, “with  VoIRit’s  impossible  to  tell 
the  distance,”  Davis  said.  And  in  a  con¬ 
verged  network  that  carries  voice  and 
data,  packets  are  indistinguishable  to  net¬ 
work  devices,  he  said. 

Robert  Tanner, senior  legal  council  to  the 
FCC,  said  the  agency  is  aware  that  VoIP  is 
different  from  traditional  voice  and  is  try¬ 


ing  to  keep  from  going  too  far. 

Another  concern  about  VoIP 
lation  is  that  it  also  could  sti¬ 
fle  competition  by  imposing 
fees  that  would  drive  up  the 
cost  of  delivering  service  and 
undercut  start-up  carriers’ 
business  models,  said  Jill 
Broome,  vice  president  of 
regulatory  affairs  for  Cox 
Communications,  which  of¬ 
fers  VoIP  services  on  its  cable  net¬ 
works.  “No  voice  carrier  should  be 
put  at  a  disadvantage  because  of  the 
technology  they  use,”  she  says. 

Jeffery  Smith,  a  policy  analyst  for 
an  organization  that  represents  more 
than  400  rural  phone  companies, 
said  regulation  could  slow  availabili¬ 
ty  of  IP  services  to  remote  towns  by  mak¬ 
ing  it  unprofitable  for  service  providers. 

Vint  Cerf,  senior  vice  president  of  technol¬ 
ogy  strategy  for  MCI,  said  regulators  should 
ask  what  public  good  they  serve  by  regulat- 


kk  Voice  isjustoneof 
a  thousand  things  you 
can  do  with  the 
Internet.  To  focus  on  it 
for  regulation  can  be 
confiising  if  not 
destructive.  91 

Vint  Cerf 

Senior  vice  president 
of  technology  strategy,  MCI 

ing  VoIBwhich  should  be  their  only  goal. 

“Voice  is  just  one  of  a  thousand  things 
you  can  do  with  the  Internet,”  Cerf  says.“To 
focus  on  it  for  regulation  can  be  confus¬ 
ing,  if  not  destructive.”  ■ 


regu- 


Nextel 

continued  from  page  25 

client  and  want  more  detail,  I  can  look  up 
that  information  right  there,”  he  says.  Noble 
says  he  can  look  up  county  records  or  even 
other  homes  the  client  might  be  interested 
in  on  the  spot. 

“It  has  been  very  good  from  the  stand¬ 
point  of  immediate  access  to  informa¬ 
tion,"  Noble  says.“We  didn’t  have  anything 
like  this  before.” 

Noble  says  he  sees  the  service  as  a  DSL 
replacement  because  he  can  use  Nextel 
Broadband  at  work  and  home.  “A  couple 


of  clients  have  also  expressed  interest  in 
signing  up  for  the  service  once  they  see 
how  it  works,”  he  says. 

FLASH-OFDM  is  the  only  technology 
Nextel  is  testing  in  North  Carolina,  but  the 
company  is  also  exploring  alternatives 
such  as  EV-DO  in  its  labs,  says  Bin  Shen, 
senior  director  of  strategic  planning  at  the 
wireless  service  provider.  The  carrier  isn’t 


Wireless 
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quite  ready  to  offer  FLASH-OFDM  every¬ 
where,  as  Nextel  continues  to  evaluate 
customer  acceptance,  pricing  plans  and 
performance,  Shen  says. 

Nextel  Broadband  is  available  in  a 
handful  of  bundles  that  start  at  $35 
per  month  for  up  750K  bit/sec  upstream, 
200K  bit/sec  downstream  and  no  more 
than  105M  bytes  of  usage  per  month. 
At  the  high  end,  the  service  costs  $75 
per  month  for  1.5M  bit/sec  upstream 
and  375K  bit/sec  downstream  and 
unlimited  usage  per  month.  Nextel  is 
charging  $50  for  wireless  modems  and 
PC  cards.  ■ 


NTT  DoCoMo 
branches  out 
with  3G  device 

■  BY  BY  PAUL  KALLENDER 

NTT  DoCoMo  says  it  will  release  early 
next  year  a  Motorola-made  handset  com¬ 
patible  with  non-Japanese  cellular  net¬ 
works  and  with  its  own  3G  mobile  net¬ 
work.  The  announcement  comes  eight 
months  after  DoCoMo,  Japan’s  largest  car¬ 
rier,  said  it  was  investing  about  $344  mil¬ 
lion  over  two  years  in  Motorola  and  five 
other  companies  to  develop  advanced 
handset  technologies  compatible  with 
Wideband  Code  Division  Multiple  Access. 

Motorola  was  the  only  non-Japanese 
handset  maker  to  be  a  part  of  the  devel¬ 
opment  project.  The  other  companies 
were  Fujitsu,  Mitsubishi  Electric,  NEC, 
Panasonic  Mobile  Communications  and 
Sharp.  The  new  terminal  will  support 
WCDMA,  which  DoCoMo  uses,  and  GSM 
and  General  Packet  Radio  Service  stan¬ 
dards,  which  most  cellular  networks 
around  the  world  use. 

Other  features  include  the  ability  to 
access  HTML-based  Web  sites.  DoCoMo 
phone  browsers  use  I-mode,  the  com¬ 
pany’s  mobile  Internet  platform,  to  access 
Web  sites.  Such  browsers  can  presently 
only  access  a  special  version  of  HTMLThe 
Motorola  terminal  will  be  the  first  from 
DoCoMo  to  support  public  wireless  LAN 
(WLAN)  access,  and  the  first  to  download 
Microsoft  Word,  Excel  and  PowerPoint  files 
as  e-mail  attachments.  DoCoMo  will 
release  another  WLAN-compatible  termi¬ 
nal,  the  N900iL  by  NEC,  by  year-end. 

Kallender  is  a  Tokyo  correspondent  with 
IDG  News  Service 
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Microsoft®  Windows®  XP  Service  Pack  2  Download  and  evaluate  the  latest  updates  for 
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Free  Security  Tools  React  more  effectively  to  potential  security  threats.  Take  advantage  of 

free  tools  and  technologies  like  the  Microsoft  Baseline  Security  Analyzer  and  Software  Update  Services. 
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resource.  For  proactive  protection  and  ongoing  guidance,  visit  microsoft.com/security/IT  today. 
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FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


ventures  in 


Our  intrepid  editor —  and  a  part-time 


teleworker  notebooks 

teleworker  —  put  three  machines  to  the  ‘schlep  around’  test 


■  BY  KEITH  SHAW 

The  world  of  work  is  always  changing;  yet, 
our  notebooks  stay  the  same.That  brick  that 
used  to  stay  docked  in  the  office  sees  a  lot 
more  wear  and  tear  today  —  carried  from 
corporate  to  home  office,  Starbucks,  book¬ 
stores  —  anyplace  with  a  Wi-Fi  hot  spot. 

If  this  is  how  you  work,  or  you’re  tasked 
with  supporting  teleworkers  and  roving 
employees,  you’ll  want  notebook  features 
that  cut  down  on  support  costs  by  making 
it  easier  for  your  IT  staff  to  fix  problems 
remotely,  and  easier  for  users  to  fix  prob¬ 
lems  on  their  own.  We  recently  tested  three 
models  with  innovative  hardware  and  soft¬ 
ware  features  suited  to  this  crowd  (see 
www.nwfusion.com,  DocFinder  3642  for 
more  product  details). 

Fiyitsu  LifeBook  S2000 
Price:  About  $1,200 
to  $1,600 

We  really  liked  the 
LifeBook’s  full-size 
keyboard  —  espe¬ 
cially  the  tactile 
response  we  got 


Fujitsu  LifeBook 
S2000 


when 
typing 
and  the  integrated 

CD/DVD  drive,  which  let  us  install  applica¬ 
tions  without  attaching  another  device.The 
unique  features  and  bundled  software  are 
appealing  and  can  reduce  costs,  especially 
the  PowerQuest  Drive  Image  Special 
Edition  (D1SE),  which  lets  you  restore  the 
system  to  an  original  state. 


Other  unique  applications  —  NewsStand 
Reader,  Zinio  Reader  and  Journal  Viewer 
—  didn’t  do  much  for  us,  although  the 
Security  Application  Panel,  which 
adds  a  new  layer  of  security, 
intrigued  us.  We  would  have 
preferred  getting  Microsoft 
Office  instead  of  Works, 
though  —  bundling  . 

Works  is  like  giving  A 
someone  a  new  car  ^ 
with  one  of  the  tires 
replaced  with  a  tem¬ 
porary  spare.We  also  prac¬ 
tically  never  used  the 
touchpad;  instead,  we 
installed  a  USB  mouse  for 
better  navigation. 

We  had  no  problems  with  the  system 
when  traveling,  although  the  ThinkPad  X40 
was  lighter.This  would  be  an  excellent  note¬ 
book  for  remote  workers  or  infre¬ 
quent  mobile  travelers  who  want 
everything  in  a  simple  package.  The 
larger  keyboard  and  integrated  opti¬ 
cal  drive  make  it  a  nice  laptop  for  the 
mobile  worker  who  wants  to  install 
applications  on  the  road, and  the  DISE 
can  help  restore  a  system  without  hav¬ 
ing  to  ship  it  to  headquarters  or 
Fujitsu. 

IBM  ThinkPad  X40 
Price:  About  $1,500  to  $2,200 

We  have  a  love-hate  relationship 
with  the  X40.We  love  the  included  soft¬ 
ware  —  the  Access  IBM  button  and  utilities, 
the  Rescue  and  Recovery  with  Rapid  Re¬ 
store,  the  Active  Protection  System  and  the 
Access  Connections  wireless  LAN  (WLAN) 
utility  The  additional  hardware  features  are 
also  useful,  such  as  the  ThinkLight  and  the 
Secure  Digital  slot.  But  we  were  frustrated 
with  the  system’s  long  start-up  time.The  X40 


took  longer  to 
boot  than  the  oth¬ 
ers,  as  long  as  our  old 
Windows  2000  HP/ 
Compaq  Evo  brick  system. 
Starting  the  system  up  once 
and  then  moving  to  standby 
mode  was  a  workaround  we’d  rather 
do  without. 

We  also  weren’t  com¬ 
pletely  sold  on  the  small¬ 
er  keyboard  and  the 
lack  of  integrated 
optical  drive.  When 
typing  fast  we  make 
more  mistakes  on  smaller 
keyboards.  While  we  had  an 
optical  drive  that  connected  via 
USB  cable,  it’s  a  hassle  to  bring  that 
along  (and  safely  pack  it  when  travel- 
ing).When  we  left  the  drive  at  home, would¬ 
n’t  you  know  we  received  some  material  on 
a  CD  that  we  couldn’t  access? 

This  system’s  low  weight,  extra  battery 
options  and  wireless  connectivity  make  it 
great  for  workers  who  need  to  take  a  note¬ 
book  everywhere. But  if 
you  don’t  travel  much, 
the  lack  of  an  integrated 
optical  drive  might  frus¬ 
trate  you  —  unless  you 
spring  for  a  docking  sta¬ 
tion  or  external  optical 
drive,  or  both.  But  carting 
around  those  extras 
seems  to  defeat  the  pur¬ 
pose.  Even  in  the  car,  we’d 
prefer  an  optical  drive  built 
into  the  notebook  rather  than 
dangling  off  to  the  side. 

Toshiba  Tecra  M2  series 
Price:  About  $1,350  to  $1,900 

Teleworkers  looking  at  the  Tecra  M2  will 


appreciate  its  performance  features,  which 
include  an  Intel  Centrino  system  (with  inte¬ 
grated  WLAN,  power-saving  features  and 
processor  speeds  between  1.4  and  1.7 
GHz);  an  NVIDIA  GeForce  FX  Go5200  (with 
32M  or  64M  bytes  of  memory);  and  up  to 
11.5  hours  of  battery  life  (using  a  12-cell 
battery  and  an  extra  SelectBay  battery). 

The  bundled  applications  were  similar  to 
the  others,  including  a  method  to  do  auto¬ 
matic  backup  of  files,  power  management, 
hardware  configuration  and  the  like. 

The  ConfigFree  application  walks  you 
through  a  number  of  diagnostic  issues  if 
something  goes  wrong.  The  system  also 
can  help  you  configure  wired  and  wireless 
networks. 

After  spending  time  with  the  ThinkPad 
x40,  we  appreciated  Tecra’s  full-size  key¬ 
board  and  integrated  optical  drive,  and  its 
14.1-inch  color  screen  was  impressive. 
At  5  pounds,  it  was  the  heaviest  notebook 
tested,  but  only  slightly  more  than  the 
LifeBook. 

Unique  to  the  Tecra  is  the  soon-to-be- 
included  MyConnect  Service,  which  To¬ 
shiba  plans  to  install  on  its 
Satellite,  Tecra  and  Fbrtege  note¬ 
books  in  October.  The  $40-per- 
month  service  provides  unlimit¬ 
ed  access  to  more  than  2,500 
Wi-Fi  hot  spots,  wired  broad¬ 
band  at  1,500  hotels  and 
access  to  15,000  dial-up 
and  ISDN  connections. 
Teleworkers  who 
travel  frequently 
will  benefit  the 
most,  because 
MyConnect  com¬ 
bines  several 
access  methods 
(WLAN,  broadband  in-hotel  and  dial-up) 
into  one  account.  ■ 


Toshiba  Tecra  M2 


Takes 

®  Nearly  2  million  U.S.  households 
,  home  network  equip¬ 
ment  from  their  broadband  ISPs  by 
year  err1  up  60%  from  last  year 
according  to  a  study  from  Parks 


Associates.  "Consumers  &  Emerging 
Multimedia  Platforms  Providers"  says  the 
growth  will  encourage  broadband  ISPs  to 
offer  services  such  as  network  perfor¬ 
mance  and  security  monitoring,  VoIP  and 
content  streaming. 

■  Packard  Bell  announced  two  new 
desktop  PCs  with  HomePlug  power-line 
technology  built  into  the  power  supplies. 


Available  in  Europe  by  September,  the 
Imedia  and  Ixtreme  systems  can  be 
added  to  a  home  network  by  plugging 
them  into  an  existing  electrical  power 
outlet;  devices  such  as  printers  and 
media  players  can  be  added  by  using 
Packard  Bell's  Net2Plug  adapters  or 
other  HomePlug-compliant  devices. 

■  Nearly  19.7  million  U.S.  households  will 


own  a  networked  entertainment 
device  by  2008,  according  to  a  report 
from  The  Yankee  Group.  "Home  Network¬ 
ing  is  Hot,  but  Consumers  Have  Not  Yet 
Plugged  into  Entertainment"  found  nearly 
40%  of  households  interested  in  connec¬ 
tivity  would  find  a  home  network  useful 
for  playing  PC-based  music  and  movies 
on  any  device,  or  recording  TV  programs 
on  a  PC  and  viewing  it  on  the  TV. 
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■  AN  INSIDE  LOOK  AT  THE 
TECHNOLOGIES  AND  STANDARDS 
SHAPING  YOUR  NETWORK 


s 


Generic  exploit  blocking  stops  infections 


HOW  IT  WORKS 


Generic  exploit  blocking 

Generic  exploit  blocking  will  let  network  administrators 
apply  a  signature-based  shield  to  a  software 
vulnerability  and  block  against  attack.  The  technology 
scans  and  blocks  malicious  packets  directed  at  the 
protected  vulnerability,  preventing  them  from  infecting 
or  compromising  computers. 


©  Security  vendor  creates  a  generic  exploit-blocking  signature  and  sends  it  to  the  firewall. 
©  The  firewall  uses  this  signature  to  filter  all  network  traffic. 

0  Attacker  writes  malicious  code  based  on  a  known  vulnerability. 

©  Attacker  launches  attack  against  vulnerable  PC. 

0  Firewall  blocks  or  shields  against  the  malicious  code  attack. 


■  BY  ROB  CLYDE  AND  CAREY  NACHENBERG 

When  a  software  vulnerability  is  dis¬ 
closed,  virus  writers  rush  to  release  a  virus 
or  worm  that  exploits  the  vulnerability  be 
fore  customers  can  apply  a  patch  that  fixes 
it.  Today,  anti-virus  researchers  typically 
have  to  rapidly  obtain  the  new  virus  or 
worm,  analyze  it  and  produce  a  signature 
to  send  to  users.  The  problem  with  signa- 
turebased  anti-virus  protection  is  that  if  the 
threat  spreads  faster  than  a  signature  can 
be  produced,  computers  get  infected. 

A  new  security  technology  called  gen¬ 
eric  exploit  blocking  shields  systems  from 
malicious  threats  before  they  appear.  When 
incorporated  into  desktop  and  network 
firewalls,  the  technology  prevents  infec¬ 
tions  rather  than  responding  to  them. 

Generic  exploit  blocking  differs  from  tra¬ 
ditional  signature-based  protection  tech¬ 
nologies.  Like  traditional  signatures,  gen¬ 
eric  exploit  blocking  requires  analysis  to 
determine  characteristics  and  create  fin¬ 
gerprints.  But  the  code  being  analyzed  dif¬ 
fers.  Generic  exploit  blocking  analyzes  the 
targeted  vulnerable  software  rather  than 
the  attacking  viruses. This  difference  is  sig¬ 
nificant  because  it  lets  security  researchers 
deliver  protection  before  an  exploit  has 
been  posted  or  released  in  the  form  of  a 
new  vims  or  worm.  The  goal  of  generic 
exploit  blocking  is  to  characterize  a  system 
vulnerability  and  then  build  a  signature 
that  can  detect  and  block  all  potential 
attacks  against  that  vulnerability 

The  need  for  this  technology  was  estab¬ 
lished  in  July  2002,  when  Microsoft 
announced  a  vulnerability  in  Microsoft 
SQL  Server  database. To  exploit  the  vulner¬ 
ability,  an  attacker  simply  had  to  send  a 
packet  that  was  61  bytes  or  longer,  and 


whose  first  byte  had  a  value  of  4,  to  net¬ 
work  Fort  1434  on  an  unpatched  machine 
running  SQL  Server.  A  generic  exploit¬ 
blocking  signature  for  this  vulnerability 
would  have  blocked  the  threat. 

Security  software  vendors  could  send  sig¬ 
natures  to  firewalls  in  the  form  of  vims  def¬ 
inition  updates.  A  firewall  on  the  corporate 
server  or  desktop  PC  then  would  filter  all 
incoming  and  outgoing  packets  with  this 
signature.  Had  a  signature  been  deployed 


shortly  after  a  vulnerability  was  announ¬ 
ced,  the  MS-SQL  Slammer  worm  would 
have  been  blocked  from  its  inception. 

In  a  similar  fashion,  many  high-profile  vul¬ 
nerabilities  seen  over  the  past  two  years 
could  have  been  protected  with  this  tech¬ 
nology  For  example,  a  generic  exploit¬ 
blocking  signature  could  have  been  sent 
out  after  the  April  13, 2004,  announcement 
of  the  LSASS  vulnerability  in  Microsoft 
Windows.Such  a  signature  would  have  pre¬ 


vented  the  spread  of  the  Sasser  and 
W32.Korgo  worms  from  their  inception.  As 
this  technology  emerges  in  products,  it  will 
reduce  dramatically  the  impact  of  new 
computer  worms  and  hacking  attacks. 

Generic  exploit  blocking  is  an  effective 
deterrent  to  the  majority  of  network 
attacks,  including  threats  such  as  Slammer, 
Blaster  and  Nimda.  Moreover,  it  is  appropri¬ 
ate  for  enterprise  and  consumer  security 
products,  from  desktops  to  servers  and 
home  routers.  Generic  exploit  blocking 
can  be  incorporated  into  any  device  that 
filters  network  packets.  As  packets  flow 
through  a  protected  device,  generic  exploit 
blocking  software  attempts  to  match  each 
vulnerability  signature  against  the  data, 
blocking  packets  that  match. 

Complementary  capabilities 

Technologies  such  as  generic  exploit 
blocking  will  not  replace  traditional  reac¬ 
tive  signature-based  techniques  for  detect¬ 
ing  viruses  and  worms.  Rather,  generic 
exploit  blocking  provides  complementary 
capabilities  to  protect  a  system  from  future 
attack  weeks  or  months  before  an  exploit¬ 
ing  worm  or  virus  is  created. 

When  combined  with  automated  updat¬ 
ing  mechanisms  that  deliver  security  signa¬ 
tures  efficiently,  reliably  and  regularly, 
generic  exploit  blocking  and  traditional 
reactive  signature  techniques  let  business¬ 
es  mitigate  the  risk  of  falling  victim  to 
Internet  hazards. 

Clyde  is  vice  president  and  CTO  for 
Symantec.  He  can  be  reached  at  rclyde@ 
symantec.com.Nachenberg  is  chief  architect 
of  Symantec  Research  Labs  for  Symantec. 
He  can  be  reached  at  cnachenberg@ 
symantec.com. 


Dr.  Internet  By  Steve  Blass 

An  old  survey  form  submitted  through  a  Perl 
script  called  FormMail  sends  the  survey  data  to  an 
administrator  in  e-mail,  and  we  want  to  store  the 
data  to  a  file  instead.  How  can  we  do  that  in  Perl? 

FormMail  can  be  modified  to  save  submitted  data 
to  a  comma-separated  value  (CSV)  file,  in  addition 
to  sending  e-mail,  by  adding  a  few  reasonably  sim¬ 
ple  commands  to  the  script.  First,  get  a  copy  of  the 
FormMail.pl  script  to  work  with.  If  you  don’t  have 


access  to  the  copy  on  your  server,  you  can  down¬ 
load  it  from  Matt's  Script  Archive  (www.nwfu 
sion.com,  DocFinder:  3638).  Open  the  script  in  a 
text  editor  and  look  for  the  "send_mail"  subroutine 
by  searching  for  “sub  send_mail".  Four  or  five  lines 
below  that,  you  will  see  “open(MAIL,”  |$mail- 
prog");"  add  the  line  “open(CSV,”»mydata.csv'');” 
immediately  below  that.  Search  for  the  line 
“close(MAIL);”  and  add  a  line  that  says 
“close(CSV);”  immediately  below  it.  Then  for  every 


line  in  the  send_mail  subroutine  that  begins  with 
"print  MAIL  ...",  create  a  duplicate  immediately 
below  it  with  "MAIL"  replaced  by  “CSV.”  FormMail 
will  append  the  submitted  data  to  the  CSV  file, 
and  send  an  e-mail  when  a  survey  form  is 
received. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.intemet@change 
atwork.com. 
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Technoiogy  Update 


Tie  ’em  up  and  lock  ’em  down 
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Last  week  we  discussed  the  wonders  of 
the  Keyspan  USB  server,  which  raises 
an  interesting  topic:  How  do  you  con¬ 
trol  what  gets  plugged  into  your  PCs? 

Just  think;  you  have  a  gazillion  PCs,  all 
with  some  combination  of  serial,  parallel, 
infrared,  Firewire  and  USB  ports.  Not  to 
mention  802.1 1  wireless  cards,  writable  CD 
drives,  floppy  disks  and  hard  disks.  Think 
about  it;  each  port  and  device  is  a  potential 
major  security  hole. 

Now  in  your  network  environment  just 
consider  what  one  of  your  users  with  an 
empty  iPod,  access  to  a  USB  port  and  bad 
intentions  could  get  away  with  . .  .chills  you 
to  the  marrow,  doesn’t  it? 

And  when  you  think  of  it,  the  whole  idea 
of  any  I/O  devices  on  PCs  being  available 
when  they  aren’t  actually  needed  is  pretty 
dumb.  So  what’s  a  sysadmin  to  do? 

Well,  we  just  found  an  interesting  answer: 
DeviceLock  from  SmartLine  (www.protect- 
me.com).  This  system,  which  works  under 
Windows  NT,  2000,  XP  and  Server  2003,  lets 


you  block  unauthorized  users  from  using 
all  the  devices  we  listed  above  and  many 
other  plug-and-play  devices. 

DeviceLock  also  lets  you  control 
device  access  by  time  of  day  and  day  of 
the  week,  and  you  can  define  a  whitelist 
of  USB  devices  that  authorizes  access  to 
specific  devices  regardless  of  any  other 
settings. 

A  particular  advantage  for  all  network 
administrators  who  have  users  who 
insist  on  “accidentally”  overwriting  disks 
is  the  ability  to  set  devices  to  read-only 
mode  and  prohibit  formatting.  You  also 
can  remotely  flush  unsaved  file  buffers 
—  something  that  is  crucial  with  remov¬ 
able  media. 

DeviceLock  is  oriented  toward  corpo¬ 
rate  use  because  you  can  install  and  unin¬ 
stall  it  automatically  (DeviceLock  sup¬ 
ports  Windows  Remote  Install  facility) 
and  manage  all  device  control  remotely 

We  found  DeviceLock  easy  to  deploy 
and  the  management  quite  easy  to  use. 
When  you  make  changes  to  user-access 
rights  they  happen  almost  immediately, 
and  you  can  set  access  rights  in  batch 
mode  so  a  network-wide  policy  can  be 
implemented,  effectively  with  one  click. 

Defeating  DeviceLock  isn’t  easy  if  you 
don’t  have  administrative  privileges,  and 


even  when  you  do,  simply  ripping  out 
the  DeviceLock  driver  won’t  give  you 
access  to  blocked  devices.  It  will  just 
remove  the  ability  for  the  management 
tool  to  reconfigure  access.  The  bottom 
line  is  that  so  long  as  your  users’  PCs  are 
configured  properly  in  the  first  place, 
you  should  be  able  to  thwart  all  but  the 
most-skilled  hackers. 

So  now  you’ve  got  all  those  devices 
locked  down,  what  about  all  those  TCP/IP 
sockets?  Given  the  staggering  number  of 
applications  that  use  TCP/IP  communica¬ 
tions  for  code  or  data  updates,  instant 
messaging,  peer-to-peer  file  sharing  or  any 
of  the  other  countless  purposes  the  indus¬ 
try  invents,  there  is  a  good  argument  that 
some  kind  of  firewall  on  each  user’s  PC  is 
not  just  a  good  idea. 

You  probably  will  not  be  surprised  to 
learn  SmartLine  also  offers  a  system 
called  PortsLock  to  do  just  that.  Unlike 
many  workstation  products,  PortsLock 
can  be  centrally  managed,  much  like 
DeviceLock. 

Incidentally,  you  cannot  control  access 
to  devices  connected  to  last  week’s 
Keyspan  USB  server  with  DeviceLock 
because  connections  to  the  server  are 
through  User  Datagram  Protocol  (UDP) 
and  TCP  which  requires  a  firewall  such 
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as  PortsLock. 

PortsLock  is  a  firewall  with  user-level 
access  control,  again,  for  NT,  2000,  XP  and 
Server  2003,  and  lets  permissions  be  set 
on  TCP/IP  connections  that  use  UDRTCR 
IP  or  Internet  Control  Message  Protocol. 

For  defined  users  or  groups  you  can 
block  access  to  specific  connections;  set 
allowed  or  denied  IP  addresses;  control 
incoming  and  outgoing  connections;  con¬ 
trol  communications  access  by  time  of 
day  and  day  of  the  week;  monitor  TCP/IP 
activity  on  remote  computers  in  real  time; 
and  —  again  like  DeviceLock  —  install 
the  system  on  remote  computers. 

The  strength  of  PortsLock  is  its  central¬ 
ized  management,  and  our  only  com¬ 
plaint  is  that  when  PortsLock  and  Device- 
Lock  are  installed  they  should  share  an 
interface  —  indeed,  they  really  should  be 
plug-ins  for  the  Microsoft  Management 
Console. 

DeviceLock  pricing  starts  at  $35  for  a  sin¬ 
gle  computer,  and  PortsLock  costs  $50  for 
a  single  PC. 

We  would  be  very  interested  to  know 
what  you  think  of  these  tools  and  how  seri¬ 
ously  you  take  the  issue  of  your  users  being 
a  threat.  Tales  of  constraint  to  gearhead@ 
gibbs.com. 


Cool 


VoIP  invades  the  home  network 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Last  week,  two  major  home  network  companies  an¬ 
nounced  products  and  bundling  deals  with  broad¬ 
band  phone  service  maverick  Vonage  that  will  seri¬ 
ously  push  VoIP  in  the  home  network  space. 

Linksys  said  its  Linksys  Phone  Adapter  (PAP2)  and  wired 
Broadband  Router  (RT31P2)  are  aimed  at  consumers  and 
small  office/home  office  (SOHO)  workers  interested  in 
telephone  service  over  broadband.  In  addition  to  being 
the  market  leader  in  home  networking,  Linksys  has  an 
advantage  in  the  growing  home  VoIP  market  by  leveraging 
parent  company  Cisco’s  VoIP  knowledge. 

Netgear,  meanwhile,  said  last  week  it  would  ship  VoIP 
products  with  Vonage  support  in  October.  Netgear  plans  to 
ship  a  wireless  802.1  lg  adapter  with  VoIP  support  and  a 
wired  adapter/router  with  two 
phone  ports.  No  other  details  were 
available.  Linksys  said  it  would 
announce  and  ship  a  wireless  gate¬ 
way  product  (access  point,  router 
and  voice  support  in  one  box)  in  a 
few  weeks. 

VoIP  makes  sense  for  many  con¬ 
sumers  and  SOHOs  —  after  they 
get  their  network  installed,  users 
are  going  to  want  to  do  something 
with  that  broadband  connection 
other  than  just  share  the  connec¬ 
tion  for  Web  surfing.  Saving 


money  through  a  VoIP  package  (Vonage’s  rates  are  very 
attractive  compared  with  local  phone  companies’)  is 
one  incentive;  having  additional  services  that  VoIP 
provides  (enhanced  services,  IP-based  configu¬ 
ration  and  the  like)  is  another.  One  of  the 
cooler  features  of  the  VoIP  sales  pitch  is  the 
ability  for  mobile  workers  to  take  their  VoIP 
box  with  them  on  the  road  and  be  able  to 
make  “free”  phone  calls  through  the  hotel’s 
high-speed  Internet  connection. 

The  VoIP  market  for  home  users  is  just  begin¬ 
ning  —  In-Stat/MDR  says  that  by  the  end  of  2008, 

10.3%  of  the  59.1  million  broadband  users  in  the  U.S.  will 
use  IP  telephony  And  with  a  majority  of  U.S.  households 
now  having  a  broadband  connection,  the  time  seems  right 
for  a  VoIP  push  (although  can  someone  come  up  with  a 
better  acronym  for  the  non-techie  consumer  crowd?). 

There  are  some  downsides  to  VoII?and  we’re  waiting  to 
see  if  local  phone  companies  try  to  take  advantage  of  this. 

For  example,  making  a  91 1  phone  call  over  VoIP 
is  like  making  one  on  a  cell  phone  —  you  have 
to  tell  the  operator  your  location  and  the  phone 
number.  Vonage  customers  have  to  sign  up  for 
the  911  service  to  work  correctly  In  addition, 
when  the  power  goes  out,  so  will  your  VoIP  ser¬ 
vice,  as  the  equipment  relies  on  electricity 
(unlike  your  old-fashioned  land  line).  Likewise, 
if  the  broadband  connection  goes  down,  so  will 
the  VoIP  service. 

The  Linksys  PAP2  de¬ 
vice  comes  with  two 
standard  phone  ports 
(RJ-11)  and  one  Ether¬ 
net  port  that  connects 


The  PAP2  connects 
behind  a  router  and 
offers  two  phone 
ports. 


behind  a  broadband  router.  (Other  adapters 
sometimes  connect  before  the  router.)  The  two  phone 
ports  allow  for  two  phone  numbers  or  a  fax  line,  Linksys 
says.The  RT31P2  takes  the  VoIP  technology  and  combines 
it  with  a  broadband  router;  it  comes  with  three  Ethernet 
ports  that  let  you  connect  other  devices  to  the  system. 

Both  systems  use  Session  Initiation  Protocol,  have  Web- 
based  configuration,  support  multiple  voice  compression 
methods  (G.711,  G.726,  G.729  and  G.723.1),  and  support 
common  voice  features  such  as  caller  ID,  call  waiting,  call 
forwarding  and  voice  mail. 

The  PAP2  will  cost  $59;  the  RT3 1 P2,  $89. Vonage  includes 
several  service  plans,  ranging  in  cost  from  $15  per  month 
(basic  service  with  500  minutes)  to  $50  per  month  (small- 
business  plan,  unlimited  minutes) .The  bundled  package  is 
available  nationwide  at  Staples;  other  retailers  are 
planned,  or  you  can  buy  one  directly  from  Vonage. 


Shaw  can  be  reached  at  kshaw@nww.com. 


The  RT31P2  is  a  three-part 
router  and  a  two-port  VoIP  device. 
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»  The  next  viral  intruder  lurks  ...  somewhere.  But  a  Juniper  network  is  already 
built  to  withstand  the  attack.  Juniper  Networks  delivers  the  industry's  most 
secure  and  sophisticated  solutions — making  your  network  impenetrable 
without  sacrificing  speed  or  reliability.  Juniper  your  net. 


Don't  miss  Defending  In  Depth,  a  seminar  series  featuring  a  key  note  address  from  Gartner  security 
experts.  For  more  information  visit  www.juniper.net/nwevent.  Seminar  dates: 

09/14/04:  San  Francisco,  CA  •  10/14/04:  Atlanta,  GA  •  11/09/04:  Chicago.  IL  •  11/11/04:  Boston,  MA 


©2004  Juniper  Networks 


32 


8/30/04] _ 

OH  TECHNOLOGY 

Neal  Weinberg 

'Net needs to 
take  a  bite  out 
of  cybercrime 


As  a  former  business  writer,  I  used  to  think  that  the 
coolest  thing  about  the  Internet  was  that  it  repre¬ 
sented  a  totally  new  business  model. 

After  all,  here  was  a  marketplace  where  millions  of  dol¬ 
lars  worth  of  transactions  take  place  every  day  and  it’s  not 
owned  by  anybody  or  run  by  anybody  It’s  just  out  there. 

But  now  I’m  coming  to  the  conclusion  that  this  business 
model  is  breaking  down  and  needs  to  be  radically 
revamped.  Here  are  some  sobering  stats: 

•  The  average  Internet  attack  costs  the  average  company 
$2  million  in  revenue,  according  to  the  Aberdeen  Group. 

•  The  cost  of  spam  has  more  than  doubled  in  the  past 
10  months,  according  to  Nucleus  Research. 

•  Spam  and  anti-spam  protection  cost  computer  users 
$25  billion  last  year,  according  to  the  United  Nations. 

•  Research  firm  Computer  Economics  says  viruses  and 
worms  cost  $12.5  billion  worldwide  in  2003. 

And  who’s  left  holding  the  bag?  It’s  you,  the  IT  executive. 
It’s  not  enough  to  keep  your  network  running,  to  support 
your  business  units,  to  connect  remote  and  mobile  work¬ 
ers.  You  have  to  go  one-on-one  with  hackers,  spammers, 
phishers,  spyware,  worms  and  viruses. 

But  why  should  individual  IT  departments  be  the  main 
line  of  defense  against  cybercrime?  Why  should  major 
companies  have  to  spend  millions  of  dollars  to  re-invent 
the  security  wheel?  The  situation  is  like  living  in  a  town 
where  there  are  no  laws,  cops  or  judges,  and  each  home- 
owner  has  to  board  up  the  windows,  put  furniture  against 
the  door  and  sit  up  all  night  to  fight  off  the  bad  guys. 
Consumers  are  starting  to  lose  confidence  in  the  Internet 
as  a  safe  and  reliable  place  to  do  business. 

So  where  is  the  Internet  community?  Unfortunately,  it  has 
been  unable  to  respond  to  these  threats.  It’s  nobody’s  fault. 
It’s  just  that  the  Internets  big  strength  —  its  lack  of  central¬ 
ized  control  —  is  also  its  big  weakness.  If  the  Internet  were 
a  corporation,  the  CEO  would  drag  all  the  players  into  a 
room,  read  everybody  the  riot  act  and  not  let  anyone  leave 
until  a  solution  had  been  hammered  out. 

But  there  is  simply  no  mechanism  today  for  bringing  all 
the  parties  together,  coming  up  with  a  hard-nosed  plan  to 
fight  cybercrime  and  then  enforcing  it. 

Sure,  there  are  groups  such  as  the  World  Wide  Web  Con¬ 
sortium  and  IETF,  but  these  are  narrowly  focused,  engineer¬ 
ing-oriented  groups  and  they  are  part  of  the  Internet  cul¬ 
ture  that  abhors  any  kind  of  government  intervention. 

But  that’s  what’s  coming,  unless  the  Internet  community 
gets  its  act  together. Yes,  the  U.N.,  through  its  ITU,  now  wants 
to  gain  some  measure  of  control  over  the  Internet.  Check 
out ! 1  ie>  i details  at  www.itu.int/osg/spu/spam. 

—  Neal  Weinberg 
Features  editor 
nweinberg@nww.  com 
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Phishers  are  terrorists 

Regarding  the  story  “Phear  of  phishing”  (www.nwfu 
sion.com,  DocFinder:  3622):  In  early  2001, 1  almost 
lost  my  entire  small  business  to  copycat  crime.  A 
phisher  in  Korea  cloned  my  DocJob.com  site,  re¬ 
freshing  it  first  to  a  cloned  pharmaceutical  site,  and 
then  to  a  hard-core  porn  sited  needn’t  describe  how 
many  tens  of  thousands  of  dollars  I  lost  or  the  night¬ 
mare  I  went  through  when  the  phisher  first  offered 
to  transfer  the  site  if  I  would  help  him  and  his  fami¬ 
ly  come  to  the  U.S.,and  then  promised  to  “make  me 
pay”  when  I  refused  to  cooperate  with  him. 

I  have  never  completely  recovered  lost  business. 
DocJob.com  ranked  very  high  in  the  search  engines 
and  the  name  was  catchy  and  memorable. The  sub¬ 
stitute,  PhyJob.com  (and  every  typo  form  of  it  I 
could  think  of  to  register),  is  just  not  the  same.  I,  too, 
was  the  victim  of  international  terrorism,  but  neither 
the  FBI  nor  any  other  government  office  responded 
to  the  needs  of  this  U.S.  citizen. 

I  sincerely  believe  the  goal  of  these  phishers  and 
Internet  business  terrorists  is  to  destroy  the  Internet 
as  a  viable  information  or  business  community  By 
destroying  the  credibility  and  usability  of  our  major 
communications  and  information  network,  they 
place  us  into  a  shadow  world  where  we  don’t  know 
what  —  or  whom  —  to  trust. 

A  nation  can  more  easily  be  conquered  and  con¬ 
trolled  through  creating  paranoia  than  by  all  the 
firearms  in  the  world.  Internet  crime  —  this  is  the 
real  weapon  of  mass  destruction. 

Patricia  Collins 
Gulf  Breeze,  Fla. 

Say  no  to  upgrades 

Regarding  Dave  Kearns’  column  “What  are  these 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  118  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


guys  thinking?”  (DocFinder:  3623):  My  company  is 
running  Windows  NT  3.51 ,  NetWare  3.12,  OS/2  Warp, 
AIX  4.1  and  even  Windows  3. 1  .Why?  For  the  very  rea¬ 
sons  Kearns  cites.  The  NetWare  3.12  and  OS/2  sys¬ 
tems  do  a  very  particular  job  very  well.The  upgrade, 
although  it  does  exist,  will  cost  us  $250,000  or  more. 
The  only  problem  I  see  is  finding  parts  in  the  event 
of  hardware  failure.  So  far, so  good. 

Same  story  with  our  Windows  NT  3.51  and  3. 1  stuff. 
Proprietary  software,  single  application,  dedicated 
system.  We’ve  looked  at  the  upgrade  for  this,  and  for 
the  price  there’s  not  enough  difference  between  the 
new  and  the  old  to  get  any  ROI  at  all.  Under  these 
circumstances,  how  do  you  convince  the  purse 
holder  to  pony  up? 

It’s  refreshing  to  see  a  realistic  story  on  this  subject. 
So  many  writers  are  all  on  the  “onwards  and  up¬ 
wards”  train.  I  wish. 

Bruce  MacDonald 
Vancouver,  B.C. 

Spam  cure 

Regarding  Winn  Schwartau’s  column  “Spam  cure: 
Nail  the  vendors”  (DocFinder:  3624):  Another  way  of 
going  after  vendors  is  to  block  them  from  using  elec¬ 
tronic  forms  of  payment.  But  I  wouldn’t  let  ISPs  off 
the  hook  so  fast.  ISPs  should  be  held  responsible  for 
what  they  allow  onto  the  Net. 

To  control  foreign  ISPs,  we  could  require  all  traffic 
to  come  through  a  U.S.  ISP  unless  the  foreign  coun¬ 
try  signs  a  treaty  that  implements  and  enforces  spam 
laws  of  at  least  equal  severity  to  those  in  the  U.S.  If 
necessary  the  government  could  get  involved  by 
charging  the  ISP  1  cent  “postage”  for  every  address  to 
which  an  e-mail  is  sent  onto  the  ’Net.  The  money 
could  pay  for  monitoring  and  enforcement  at  the 
ISP  level  and  for  any  administrative  overhead  and 
government  oversight. 

Bruce  Bibee 
Los  Angeles 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  3621 
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VIEW  FROM  ABROAD 

Shel  Israel 


From  cargo  port  to  digital  hub 


Developing  an  Asian  IT  strategy  can  be  daunting.The  worlds  most 
populous  continent  poses  many  challenges.  Governments  are 
often  unstable  and  unpredictable.  Translating  language  —  and 
dialects  —  can  be  baffling.  Modern  facilities  are  built  adjacent  to  com¬ 
munities  still  waiting  for  electricity 

Tiny  Singapore  might  solve  many  such  problems.  This  workaholic 
island-nation  of  4  million  is  already  Americas  12th-largest  trading  part¬ 
ner.  More  than  1,300  U.S. companies  operate  there, and  300  make  it  their 
regional  headquarters.  There’s  good  reason:  Singaporeans  are  among 
the  worlds  best-educated  citizens.  Its  government  is  investing  billions 
into  research,  IT  and  broadband  development.  Enhancing  technology 
and  collaborating  with  the  private  sector  is  mandated.  Everyone’s  bilin¬ 
gual.  English  is  the  national  language. 

Recently  I  was  invited  to  examine  the  country’s  claims  as  an  IT  mecca 
and  Asia-Pacific  digital  hub.  It  makes  a  compelling  case.  One  night,  dur¬ 
ing  a  seaside  dinner  with  HockYun  Khoong,  a  senior  official  at  the  Info- 
comm  Development  Authority  (IDA),  the  techno-centric  government 
department  hosting  me,  we  saw  a  seemingly  endless  line  of  freighters 
and  tankers  pass  by  offshore.  Khoong  observed,  “Half  the  world’s  oil 
passes  through  here.Think  what  A1  Qaeda  could  do  if  we’re  not  vigilant.” 

But  Singapore  is  vigilant.  Safety  is  foremost,  and  technological  capa¬ 
bility  follows  closely. Singapore’s  is  the  world’s  second-largest,  best-auto- 
mated  and  statistically  safest  port.You  can’t  bribe  your  way  in  and  prop¬ 
erty  simply  doesn’t  disappear.  Singapore  has  built  a  solid  infrastructure, 
making  multinational  transactions  easy  and  compliant.  It’s  the  first 
“paperless  port,”  communicating  wirelessly  with  inbound  ships,  elimi¬ 
nating  hundreds  of  pages  of  paperwork  per  vessel. 


All  these  attributes  apply  directly  to  Singapore’s  advantages  to  IT.  Add 
government’s  superb  attitude  and  you  get  a  unique  recipe  for  success. 
IP  —  your  company’s  most  precious  cargo  —  is  as  safe  there  as  freight 
in  the  port.  Singapore’s  message:  “Store  your  IP  here.  Use  broadband 
technology  to  distribute  localized  versions  of  your  IP  to  larger  but  less 
secure  markets  and  conduct  your  transactions  here  where  governance 
is  top  quality  Have  a  unique  challenge  or  need  an  educated,  adept 
labor  pool?  Let  government  partner  with  you.” 

Government  as  a  partner?  My  biggest  surprise  was  the  competence, 
candor  and  cooperation  of  IDA  representatives  on  all  levels.  IDAs  char¬ 
ter  is  to  devise,  develop  and  execute  information  communications  pro¬ 
grams,  accelerating  Singapore’s  economic  development.lt  does  it  with 
precision,  collaborating  with  private  companies  at  nearly  all  points.  In¬ 
tel  was  instrumental  in  devising  IDAs  broadband  strategy,  resulting  in 
ubiquitous  corporate,  government  and  educational  facility  access. 
More  than  75%  of  all  homes  have  access. 

Singapore  believes  its  most  valuable  resource  is  its  population.  It  cul¬ 
tivates  its  citizens  to  be  among  the  world’s  best-equipped  and  best- 
informed  knowledge  workers.  Literacy  is  well  over  90%. Singapore  pays 
for  overseas  college  education  with  the  proviso  that  graduates  return  to 
serve  in  government  for  a  time  equal  to  the  time  spent  studying. 

I  remarked  to  Ching  Yee  Tan,  IDAs  Stanford-educated  CEO,  that  critics 
refer  to  the  country  as  “Singapore,  Inc.”  “Why  is  that  bad?”  she  asked. 

From  an  IT  perspective,  I  think  the  answer  is:“It  isn’t.” 

Israel  is  editor-in-chief  of  Conferenza  Premium  Reports.  He  can  be 
reached  at  sisrael@conferenza.com. 


I  remarked  that 
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INDUSTRY  COMMENTARY 

Frank  Dzubeck 


I  his  year’s  hot  IT  buzz  is  centered  on  a 
new  concept:  service-oriented  archi¬ 
tecture.  An  SOA  is  a  business  process- 
driven  application  integration  architecture 
in  which  all  functions,  activities  and  actions 
are  defined  as  services  and  use  standards- 
based  interfaces.  In  an  SOA,  all  services  are 
independent.  Service  requests/responses  or  actions/reactions  are 
locality-independent. 

Interfaces  are  platform-independent.  An  application  on  any  infra¬ 
structure  component  or  device,  using  any  operating  system  in  any  lan¬ 
guage,  can  use  a  service. The  interface  defines  the  required  parameters 
and  the  result.  It  also  defines  the  attributes  of  the  service  but  not  the 
underlying  technology  used  to  implement  it. 

Management  within  an  SOA  is  comprehensive,  requiring  implemen¬ 
tation  of  six  components:  policy  security  workload/workflow  deploy¬ 
ment,  monitoring/logging,  dynamic  provisioning  and  maintenance. 
These  requirements  alone  dictate  a  rethinking  of  how  networking  will 
be  accomplished  within  an  SOA.  In  addition, an  SOA  relies  on  five  tech¬ 
nology  concepts  that  will  require  network  re-engineering: 

•  Dynamic  service  discovery.  This  concept  facilitates  incremental 
scalability  of  services,  decouples  service  requestors  from  service 
providers,  provides  for  dynamic  updates  of  services,  facilitates  the 
search  for  services  by  requestors,  and  allows  dynamic  selection  of  a 
service  provider  vs.  fixed  allocation  of  a  provider  to  a  requestor. 
Minimization  of  network  latency  and  the  proper  provisioning  of  QoS 
become  critical  issues  for  successful  network  operation  within  an  SOA. 

•  Web  services  for  application/services  communication.  Web  services 
are  built  on  platform-independent  protocols  such  as  Session  Initiation 
Protocol;  HTTP;  XML;  Universal  Discovery,  Description  and  Integration; 
Web  Services  Description  Language;  and  Simple  Object  Access 
Protocol. These  protocols  deliver  dynamic  discovery  and  access,  inter¬ 
face  independence  and  interoperability  to  SOA.To  optimize  these  new 
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features  within  an  SOA  network  requires  implementing  XML-based 
routing,  acceleration  and  security  networking  components  that  might 
not  exist  in  the  current  network  architecture. 

•  Virtualization.  Application,  services  and  infrastructure  resource 
locality  independence  require  virtualization  technology  for  all  appli¬ 
cations, servers, storage  and  networks  within  the  SOA.To  implement  vir¬ 
tualization  properly  the  network  also  must  be  upgraded  to  contain  the 
proper  caching  devices  to  facilitate  optimal  throughput  for  each  ser¬ 
vices  request/response. 

•  Meta-directories  for  dynamic  discovery  of  a  data,  services,  applica¬ 
tion  or  infrastructure  resource.  The  meta-directory  concept  enables 
access  independence  of  directory  platform,  structure  or  location  by 
any  requestor  to  any  services,  application  or  resource  based  upon 
desired  search  criteria.  Again,  minimization  of  network  latency  and  the 
proper  provisioning  of  QoS  become  critical  issues  for  successful  net¬ 
work  operation  within  an  SOA. 

•  Services  bus.  This  is  a  virtual  software-based  publish/subscribe 
event  bus  that  is  logically  partitioned  to  allow  multiple  uses.The  bus 
is  the  logical  communications  highway  for  XML-based  messaging  for 
all  services  requestors  and  providers;  services,  application  and 
resource  dynamic  discovery;  meta-directory  search;  transaction  trans¬ 
port;  workflow  scheduling  and  management.The  amount  of  adminis¬ 
trative  traffic  across  the  bus  within  an  SOA  is  significant. The  obvious 
need  for  higher  throughput  and  faster  speed  transport  requires  a 
rethinking  of  network  utilization,  topology  and  capacity. 

In  all  probability  migrating  to  an  SOA  will  require  a  substantial 
upgrade  to  the  company’s  network  infrastructure  and  transport  facili¬ 
ties.  But  in  the  end,  the  SOAs  business  benefits  will  outweigh  the  cost  of 
implementation. 


In  the  end,  SOA's 
business  benefits 
will  outweigh 
the  cost  of 
implementation. 


Dzubeck  is  president  of  Communications  Network  Architects,  an  indus¬ 
try  analysis  firm  in  Washington,  D.C.  He  can  be  reached  at 
fdzubeck@commnetarch.  com. 
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Belkin  has  announced 
it  will  ship  the  first  pre¬ 
standard  802.1  In  access 
points  and  PC  cards,  both 
based  on  Airgo’s  MIMO  chipset, 
in  October. 


Using  multiple  transmitters  and 
receivers,  new  technology  offers 
major  boost  to  wireless  LANs. 


■  BY  CRAIG  MATHIAS 


Current  wireless  LAN  technologies  have  their  share  of 
technical  challenges,  including  limited  bandwidth  and 
transmit  power,  interference,  signal  fading  and  multi- 
path  (interfering  echoes  and  reflections).  Fortunately, 
there’s  a  new  approach  to  radio  design  and  implementation 
that  promises  a  powerful  remedy.  It’s  called  MIMO  —  multiple 


input,  multiple  output  —  and  we 


at  the  Farpoint  Group 


believe  MIMO  is  the 


single  most  important 


technology  in  wireless 


today. 

MIMO  promises  improvements  in 
WLAN  throughput,  range  and  reliability  that 
will  broaden  the  usefulness  of  wireless  for  appli¬ 
cations  that  demand  ever-greater  performance. 

We  expect  the  next  evolution  of  the  IEEE  802. 1 1  phys¬ 
ical-layer  standard  —  802.1  In, with  more  than  100M  bit/sec 
single-channel  performance  —  will  be  based  on  MIMO  tech¬ 
nology.  And  we  even  expect  MIMO  to  be  applied  to  cellular  and 
other  wireless  systems  in  the  future.  But,  for  now,  let’s  just  consider  how 
MIMO  will  play  in  the  WLAN  world. 


Isn’t  that  spatial 


Basically,  while  802.1  la/b/g  technologies  use  single  transmitting  and  dual  receiv¬ 
ing  antennas,  MIMO  uses  multiple  transmitting  antennas,  multiple  receiving  antennas 
and  a  lot  of  signal  processing  on  both  ends  to  create  a  complex,  3-D  radio-frequency 
transmission. 


SIMO,  1IS0  &  MIMO 

Typical  wireless  devices  use  a  single  antenna  for  transmitting  signals 
and  a  single  receiver.  Performance  takes  a  hit  when  signals  from  a 
transmitter  bounce  off  ordinary  office  objects,  like  filing  cabinets,  and 
arrive  at  the  receiver  from  different  paths  and  at  different  times. 
SIMO,  MISO  and  MIMO  take  that  problem  —  called  multipath  —  and  turn 
it  into  a  positive  by  using  multiple  transmitters  and/or  receivers 
to  increase  throughput  and  reliability. 

SIMO  (single  input,  multiple  output) 


Reflecting  object 


MISO  (multiple  input  single  output) 


MIMO  (multiple  input  multiple  output) 
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What’s  being  inputted  and  outputted  in  this  case  is 
the  radio  channel  itself.  Normally,  we  think  only  of  fre¬ 
quency  and  time  as  the  key  elements  here  —  the  core 
issue  in  modulating  a  signal  is  the  number  of  bits  per 
Hertz,  per  second. 

M1MO  adds  a  third  “spatial”  dimension,  and  in  fact 
depends  upon  multipath,  previously  an  impediment,  for 
it  to  work  properly  If  that  sounds  counterintuitive,  think 
of  MIMO  as  analogous  to  3-D  computer  graphics  —  a 
much  richer  form  of  communication  than  2-D,with  a  lot 
more  information  content.  That’s  the  core  idea.  Note 
that  single-input,  multiple  output  and  multiple-input, sin¬ 
gleoutput  approaches  are  also  possible  —  but  the  best 
results  are  obtained  with  a  true  MIMO  implementation 
on  both  ends  of  a  connection. 

Better  than  bonding 

MIMO  is  so  important  to  the  future  of  WLANs  because 
it’s  the  most  effective  approach  to  improving  perfor¬ 
mance.  Another  option  is  to  simply  use  more  band¬ 
width,  like  the  proprietary  channel-bonding  techniques 
used  in  108M  bit/sec  802.11a  and  802.1  lg  implementa¬ 
tions.  But  channel  bonding  isn’t  as  spectrally  efficient  as 
MIMO  and  not  a  good  long-term  choice  because  data 
loads  and  rates  surely  will  increase  over  time. 

We  also  could  use  a  more  complex  modulation 
scheme  and  simply  attempt  to  cram  more  bits  into  the 
frequency  and  time  already  available.  But  we  likely 
would  end  up  with  modulated  signals  that  are  so  com¬ 
plex  that  the  damage  normally  incurred  via  radio  prop¬ 
agation  would  render  the  received  signal  unusable. 

MIMO  vs.  UWB 

MIMO  is  very  complex  to  implement,  and  most  WLAN 
chip  vendors  are  just  beginning  to  proceed  up  the 
learning  curve.The  amount  of  time  required  to  agree  on 
802.1  In  (perhaps  late  in  2005  at  the  earliest)  gives  ven¬ 
dors  time  to  complete  their  MIMO  product  plans,  but 
we’re  still  going  to  see  a  good  crop  of  “pre-n”  products 
before  the  standard  is  ratified. 

So  what  is  an  appropriate  application  for  pre-n  today? 
We  are  seeing  increasing  interest  in  many  possible 
applications,  most  notably  those  related  to  multimedia, 
particularly  in  the  home. 

Residential  WLANs  have  led  the  WLAN  revolution,  if 
for  no  other  reason  than  the  rise  in  multi-computer 
households  has  highlighted  how  difficult  most  homes 
are  to  wire.  Residential  WLANs  do  not  have  the  roam¬ 
ing,  management,  load-balancing,  throughput  or  elabo¬ 
rate  security  requirements  that  companies  have,  but  at 
least  with  respect  to  performance,  this  is  changing 
rapidly  Home  theaters  and  media  rooms  are  becoming 
common,  and  the  cable,  broadband  or  satellite  connec¬ 
tion  is  not  really  where  it  needs  to  be.  Moreover,  the 
desire  to  move  media  to  a  specific  location  is  becom¬ 
ing  a  requirement,  making  wireless  the  obvious  choice 
once  again.  Imagine  being  able  to  route  home  enter¬ 
tainment  and  other  programming  anywhere  desired, 
even  to  mobile  units  —  that’s  the  possibility  that  M1MO- 
based  WLANs  enable. 

But  there  is  a  counterargument  to  WLANs  in  this  appli¬ 
cation,  and  that  comes  from  the  ultrawideband  (UWB) 
community  working  on  the  802.15.3a  standard.  UWB  is 
often  described  as  “wireless  USB,”  featuring  480M  bit/sec 
throughput. 

However,  power  restrictions  on  UWB  make  it  more  of 
a  room-area  network  than  a  building-wide  LAN.  UWB  is 
very’  successful  in  component  interconnect,  toys  and 
games,  and  many  other  consumer  applications,  and  it 
serves  as  wireless  USB  in  enterprise  settings.  But  it’s 
unlikely  UWB  will  replace  the  WLAN  in  any  situation.  In 
short, WLANs  based  on  MIMO  are  still  LANs;  UWB-based 
solutions  are  not. 


All  wireless,  all  the  time 

Looking  ahead,  the  vision  of  the  all-wireless  company 
—  something  we  dismissed  a  decade  ago  —  is  now  a 
very  likely  reality  Consider  the  following  two  items: 

•  Whereas  early  WLANs  offered  well  under  1M  bit/sec 
of  throughput,  today’s  54M  bit/sec  and  802.1  In’s  more 
than  100M  bit/sec  put  a  vast  amount  of  bandwidth  at  a 
user’s  disposal. 

•  In  the  U.S.  alone,  there  are  24  non-overlapping  WLAN 
channels  above  5  GHz,  and  three  at  2.4  GHz.  These  27 
channels,  assuming  a  MIMO-based  108M  bit/sec  each, 
yield  almost  3G  bit/sec  of  available  bandwidth,  with  this 
spectrum  reusable  perhaps  every  150  feet  or  so. 

While  this  lets  wireless  computers  and  PDAs  operate 
at  wire  speed  with  perhaps  even  less  contention  than 
they  would  see  on  wire,  the  additional  headroom  will 
come  in  handy  as  time-bounded  communications,  par¬ 
ticularly  voice,  are  moved  to  the  WLAN  infrastructure. 

VoIP  over  Wi-Fi  (or  what  we  call  VoFi)  is  going  to  be  a 
huge  enterprise  WLAN  application  and  a  core  driver  of 
the  enterprise  WLAN  market. This  will  not  happen  until 
dual-mode  cellular/VoFi  handsets  become  widely  avail¬ 
able,  but  this  trend  is  now  evident.  The  technology  to 
enable  the  handoff  of  both  voice  and  data  connections 
between  the  wireless  WAN  and  WLAN  domains  already 
exists,  so  all  that  is  required  is  for  cellular  operators  to 
support  this  mode  of  operation. 

This  is  a  major  trend  and  will  become  quite  common 
over  the  next  five  years.  The  load  placed  on  WLANs 
from  voice  traffic,  again,  has  less  to  do  with  raw  through¬ 
put  than  headroom.  MIMO  provides  this  headroom, 
along  with  improvements  in  range  based  on  its  superi¬ 
or  handling  of  a  multipath-rich  environment,  typical  of 
indoor  venues. 

The  enterprise  desktop  phone  of  the  future  could 
look  a  lot  like  that  of  the  1930s  —  electrical  outlets,  but 
not  RJ-lls  and  RJ45s.  With  combined  cellular/VoFi 
phones,  there’s  really  no  need  for  conventional  tele 
phone  desksets  in  many  cases.  And  with  mobile  infor¬ 
mation  devices  having  access  to  enough  bandwidth  to 
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essentially  duplicate  wired  performance,  the  Ethernet 
jack  likely  is  doomed  as  well. 

Have  no  fear,  MIMO  is  near 

Still,  there  are  many  who  believe  that  the  current 
emphasis  on  ever-greater  WLAN  throughput  is  mis¬ 
placed.  There  is,  they  say,  an  inverse  relationship 
between  distance  and  throughput  in  wireless  systems 
—  the  farther  you  go,  the  slower  you  go  until  no  con¬ 
nection  is  possible  at  all  because  of  fading.  Coupled 
with  the  use  of  spectrum  above  5  GHz,  where  propaga¬ 
tion  is  more  problematic  than  at  2.4  GHz,  this  means 
we’ll  see  denser  deployments  of  infrastructure  (access 
points)  in  the  future. 

This  is  really  not  a  cause  for  concern  —  prices  are  cer¬ 
tain  to  continue  to  fall,  as  they  always  seem  to  when  very 
large-scale  integration  is  the  driver.  Also,  wireless-mesh- 
based  products  —  eliminating  the  need  for  wired  back¬ 
haul  to  every  access  point  —  will  cut  labor-intensive  instal¬ 
lation  costs  dramatically 

MIMO,  which  boosts  throughput  and  range,  plays  a  key 
role  in  this  vision  of  the  future.  So,  even  well  in  advance 
of  802.1  In,  interest  is  rapidly  building  and  the  activity 
level  surrounding  MIMO  is  high.  Given  forward-  and 
backward-compatibility  and  appropriate  applications, 
users  should  have  no  fear  of  jumping  in  before  802.1  In 
is  official.  MIMO-based  WLANs  will  exceed  200M  bit/sec 
well  before  then. 

Mathias  is  a  principal  at  the  Farpoint  Group  in  Ashland, 
Mass.  He  can  be  reached  at  craig@farpointgroup.com. 

More  on  MIMO! 

Head  to  www.nwfusion.com  for  more  resources 
on  MIMO  and  other  WLAN  technologies,  including: 

•  Wireless  Resource  Center:  DocFinder:  3625 

•  Wireless  e-mail  newsletters:  DocFinder  3626 

•  Network  World  Tech  Tour  —  WLAN  highlights: 
DocFinder  3626 
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Throughput  (M  bit/sec)  Advantages 


Disadvantages 


Relatively  low  throughput. 

Completes  with  802.11b  in 
very  limited  spectrum. 

5GHz.  range  may  be  less 
thart  2.4  GHz.  (.11b  and  g). 

Nonstandard,  not  spec¬ 
trally  efficient,  may  cause 
interference. 

Very  limited  range,  not  a 
LAN. 

Not  widely  available,  not 
currently  a  standard. 


802.11b 
802.1 1g 


802.11a 


Very  common,  low  cost. 


Higher  throughput  than 
802.11b. 


Higher  throughput,  many 
available  channels. 


High  throughput  in  low- 
cost  products. 


Very  high  throughput. 


High  throughput,  improved 
range,  spectrally  efficient. 


Channel  bonding 
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802.15.3a 
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ONE  IT  CONSULTANT’S  BATTLE  AGAINSTTHE  MICROSOFT  MONOCULTURE. 


BY  M.  PARK  HUNTER 


WE  ALL  KNOW  THE  PERILS  OF  THE  MICROSOFT  MONOCULTURE: 
viruses, spyware,  endless  patching,  reliability  issues  and  high  licens¬ 
ing  costs.Yet  few  IT  consultants  seem  willing  to  look  at  alternatives. 


There  are  probably  three  reasons  for  this.  One  is 
inertia.The  other  is  a  variant  of  the  old  IT  prov¬ 
erb, “Nobody  ever  got  fired  for  buying  1BM."A 
third  is  that  currently  clean  alternate  technolo¬ 
gies  might  be  equally  afflicted  with  problems  if 
they  were  more  popular.  Maybe,  but  why  cling  to 
products  with  a  past,  present  and  probable  future 
of  security  and  reliability  woes? 

My  company  serves  small  businesses  and  non¬ 
profits  with  typically  a  few  dozen  computers  and 
a  couple  of  servers  each.  Our  clients  hire  us 
because  they  can’t  afford  an  IT  staff. They  should¬ 
n’t  need  monthly  service  calls  to  install  patches, 
reboot  servers  or  disinfect  desktops. 

Thus  we’ve  made  a  careful  choice  over  the  past 
few  years  to  consider  and  use  alternative  tech¬ 
nologies  where  appropriate.  In  some  cases,  only 
Microsoft  will  do  the  trick.  Other  times  there  are 
credible  options. 

Out  of  the  closet 

Starting  in  the  network  closet  is  easiest  because 
it  doesn’t  change  the  end-user  experience. 

Microsoft  has  a  range  of  products  for  network 
infrastructure:  Windows  Server/ Active  Directory 
for  authentication,  file  and  print  services;  Internet 
Security  and  Acceleration  Server  (ISA)  for  fire¬ 
walls;  Internet  Information  Server  (IIS)  for  Web 
servers;  SQL  Server  for  databases;  and  Exchange 
for  e-mail  and  groupware. 

The  whole  lot  can  be  bundled  as  Microsoft 
Small  Business  Server  (SBS)  and  installed  on 
one  machine.  Attractively  priced  and  targeted  at 
small  offices,  SBS  appears  simple  but  is  a 
Frankenstein  of  complexity  underneath.  It  easily 
can  be  the  single  point  of  failure  for  a  network. 

As  an  alternative  to  either  SBS  or  individual 
Microsoft  applications,  I’m  a  fan  of  server  appli¬ 
ances  for  file,  print  and  Internet  access  because 
they  combine  low  cost,  easy  setup  and  hardware- 
class  reliability.  Although  my  experience  is  primar¬ 


ily  with  products  for  small  networks,  similar 
boxes  exist  for  larger  installations. 

Network-attached  file  servers  such  as  Quant¬ 
um’s  Snap  series  can  be  configured  quickly. The 
size  of  a  kitchen  toaster  and  even  more  depend¬ 
able,  they  provide  the  entire  network  file  storage 
needs  for  a  typical  law  office  or  real  estate 
agency  .  Likewise,  network-enabled  printers  ren¬ 
der  PC-based  queues  obsolete. 

Most  people  wouldn’t  think  of  Microsoft  as  a  fire¬ 
wall  vendor,  but  that’s  exactly  what  the  ISA  compo¬ 
nent  of  SBS  promises.  If  you’re  looking  for  an  alter¬ 
native,  consider  a  firewall  appliance.  Even  inexpen¬ 
sive  home-office  firewalls  intended  for  cable  or 
DSL  can  be  plugged  into  a  router  and  T-l, deliver¬ 
ing  robust  firewall  services  plus  surprising  bonuses 
such  as  VPN  and  demilitarized  zones.  I  have  used 
Netgear’s  products  in  libraries  and  small  manufac¬ 
turing  plants  with  good  results.  For  complex 
perimeter  tasks  I  rely  on  software  firewall/routers 
such  as  Qbik’s  WinGate  or  Kerio’s  WinRoute. 

IIS  is  such  a  hack  magnet  that  I  refuse  to  install 
it  unless  an  application  absolutely  requires  it. 
From  industiy-standard  Web  server  Apache  to 
lightweights  such  as  Abyss  XI ,  there  are  many 
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good  alternatives. 

Exchange  is  overkill  for  my  clients  who 
just  need  reliable  email,  i  often  turn  to 
Alt-N’s  MDaemon  for  ease  of  configura¬ 
tion.  MDaemon's  Web-based  email  client 
and  shared  calendar  provide  a  decent 
groupware  solution.  For  diehard  Outlook 
shops  Alt-N  offers  a  plug-in  that  lets 


MDaemon  service  Outlooks  feature  set. 

Even  for  server  applications  and  network 
authentication  there  are  options.  Many 
database  servers  run  on  Linux  or  Mac  OS 
X.  NetWare,  though  pricey,  remains  a  so¬ 
phisticated  and  reliable  network  operating 
system.  Only  twice  in  three  years  I  have 
had  to  touch  a  library’s  NetWare  server  — 


once  to  fix  a  hardware  failure  and  once  to 
update  a  third-party  application. 

When  done  right,  these  “closet”  Microsoft 
replacements  are  transparent  to  end  users. 

Onto  the  desktop 

Outside  the  server  closet  the  Microsoft 
alternatives  are  fewer  and  the  sales  pitch 
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tougher.  Users  spend  years  learning  how 
to  make  their  workstations  perform  basic 
tasks  and  are  loath  to  start  over.  Change 
often  begins  with  the  Web  browser.  Alter¬ 
natives  to  Internet  Explorer  function  simi¬ 
larly  but  without  the  security  loopholes. 
I’m  partial  to  Mozilla  because  it  supports 
Windows,  Mac,  Linux  and  other  clients. 

The  almost  total  lack  of  malicious  code 
on  non-Microsoft  desktops  is  a  powerful 
incentive  to  switch.  Swapping  out  the 
whole  operating  system  is  traumatic  for 
users  but  not  much  worse  than  the  up¬ 
heaval  of  transitioning  older  Windows 
clients  to  XPl’ve  managed  to  switch  some 
clients  to  Mac  OS  X,  which  is  easy  to  learn 
and  supports  native  versions  of  familiar 
applications:  PhotoShop,  QuickBooks, 
FileMaker,  Mozilla  and  Microsoft  Office. 

Successfully  moving  clients  to  Macs 
requires  carefully  configuring  the  ma¬ 
chines  and  providing  users  with  some 
training.  After  a  few  weeks  of  sporadic 
phone  calls,  I  won’t  hear  from  my  Mac 
users  for  months.  Eventually  I’ll  see  them 


products  with  a  past, 

present  and  probable 

future  of  security 
and  reliability 

woes? 


on  the  street  and  they’ll  brag  about  how 
their  computer  hasn’t  crashed  once  or 
how  they  kept  working  while  Fred  spent  a 
day  mopping  up  Blaster  in  his  office.  As 
long  as  they  can  open  Office  files,  use  the 
Internet  and  get  their  work  done,  most 
folks  are  happy  with  their  computer  what¬ 
ever  the  operating  system. 

One  of  the  reasons  the  Mac  is  an  easier 
client  option  than  Linux  is  the  availability 
of  Office.  Office  is  the  hardest  thing  to 
wean  people  from.  I’ve  had  some  luck  get¬ 
ting  casual  users  to  adopt  OpenOffice,  but 
most  spreadsheet  wonks  won’t  accept  any 
substitutes  for  Excel. 

is  all  this  upheaval  worth  it?  Greater  relia¬ 
bility  lower  cost  and  fewer  service  calls 
make  my  clients  happy  —  that’s  my  mea¬ 
sure  of  success.  We  eat  our  own  dog  food, 
too,  mixing  Mac  and  Windows  desktops, 
OpenOffice  and  Microsoft  Office,  the 
Mozilla  browser, Wingate  firewall, 

MDaemon  e-mail, and  Abyss  and  Filemaker 
Web  servers  to  run  our  small  IT  shop. 

Each  time  we  sift  through  a  client’s  clut¬ 
tered  SBS  to  isolate  glitches,  or  reformat 
an  XP  machine  to  eradicate  spyware,  it 
further  encourages  us  to  consider  the 
alternatives. 

Hunter  is  president  and  lead  consultant  for 
MPH  Interactive  in  Williamsport,  Ind.  He  can 
be  reached  at  parkh@rnphinteractive.com. 
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Regulatory  rollouts 

IT  managers  implement  new  technology  to  make  sure  law  is  on  their  side. 


■  BY  ELLEN  MESSMER 

Overseeing  data  and  telecom  installations  isn’t  about  technology  for  technology’s  sake. 
Choices  that  IT  managers  make  have  to  satisfy  legal  requirements,  and  the  impact  of  sim¬ 
ply  following  the  law  can  be  a  catalyst  for  change  in  business. 


At  times, companies  spend  huge  sums  in  the  name  of  reg¬ 
ulatory  compliance.Take  the  Philadelphia  Stock  Exchange 
(PSE).  According  to  Bernie  Donnelly  vice  president  of 
quality  assurance  and  control,  PSE  spent  millions  to  auto¬ 
mate  how  stockbrokers  place  trades  to  comply  with 
Securities  and  Exchange  Commission  (SEC)  rules. 

“It’s  a  highly  regulated  industry  to  start  with,”  Donnelly 


says.'The  SEC  dictates  what  we  have  to  do.” 

In  this  case,  the  SEC  has  asked  regulated  firms  to  use 
industry-developed  guidelines  for  electronic  stock-quote 
processing  by  next  year.  At  PSE,  where  options  traders  were 
accustomed  to  shouting  out  quotes  on  the  exchange  floor 
and  placing  orders  over  the  phone,  this  has  meant  a  shift  to 
handheld  computers  and  a  Nortel-based  802.1  lb  wireless 
network  to  share  trading  information. 


“We  had  to  take  manual  systems  and  make  them  auto¬ 
matic,”  Donnelly  says.  Re-designing  internal  applications 
and  networks  to  support  wireless  electronic  data  cost  about 
$2  million  to  make  sure  the  new  stock-trading  management 
system,  which  is  ramping  up  now,  fit  in  with  the  SEC  guide- 
lines.The  trading  floor  is  now  much  more  quiet,  he  says. 
PSE  isn’t  under  legal  obligation  to  follow  another  set  of 
SEC  guidelines  instituted  after  Congress  passed 
the  Sarbanes-Oxley  Act  in  the  wake  of  the  2002 
accounting  scandals  that  rocked  the  stock  mark¬ 
ets.  But  Donnelly  says  PSE  voluntarily  is  seeking 
to  comply  with  Sarbanes-Oxley  which  requires 
corporations  to  document  internal  controls  and 
be  able  to  rapidly  disclose  financial  irregularities. 

IT  staff  has  met  with  in-house  lawyers  and  audit 
teams  to  understand  what  technology  changes 
might  further  compliance  with  Sarbanes-Oxley 
’’You’ve  got  to  get  the  lawyers  involved,”  Donnelly 
notes.“You  can’t  do  it  on  your  own.” 

NiSource.an  energy  utility  in  Merrillville,  Ind.,  is 
obliged  to  comply  with  Sarbanes-Oxley 
“On  the  financial  side,  [Sarbanes-Oxley]  wants 
to  make  sure  access  controls  are  well  defined 
and  that  audit  controls  are  in  place,”  says  Pete 
White,  CIO  at  NiSource. 

As  one  means  to  comply  with  Sarbanes-Oxley 
NiSource  has  deployed  Consul’s  InSight  Security 
Manager  server-based  audit  and  compliance¬ 
monitoring  software  to  collect  log  data  from 
about  four  dozen  servers  and  other  devices. 
“Consul  is  pulling  in  data  from  Unix,  the  [Cisco 
firewall]  PIX  and  Windows,  and  then  massaging 
it  to  give  us  information  on  what’s  going  on,” 
White  says.“i  have  data  going  back  to  April  in  a 
140-gigabit  drive.” 

Hospitals  face  their  own  set  of  regulatory 
demands. 

“There  are  52  regulatory  agencies  we  have  to 
deal  with  on  the  state  and  federal  level,”  notes 
Ken  Bixel,C10  at  Mount  Nittany  Medical  Center 
in  State  College,  Pa. 

The  U.S.  Department  of  Health  &  Human  Services  regula¬ 
tions  known  as  the  Health  Insurance  Pbrtability  and 
Accountability  Act  (HIPAA)  for  privacy  and  security  of 
patient  data  are  paramount  in  the  minds  of  hospital  IT 
administrators. 

“HIPAA  has  been  my  life,”  Bixel  says. The  effort  to  under¬ 
stand  complex  HIPAA  regulations  has  involved  him  in 
extensive  discussion  with  lawyers  and  the  hospital’s  exec¬ 


utive  and  administrative  groups  as  they  prepare  for  the 
April  deadline. 

“1  don’t  have  a  clinical  background, so  I  have  two  people 
working  for  me  who  are  health  practitioners,”  Bixel  says. 
“One  has  a  degree  in  clinical  informatics  and  can  translate 
what  doctors  say  when  we’re  looking  at  technology  to 
meet  regulations.” 

The  hospital  also  has  turned  to  outside  consultants  spe¬ 
cializing  in  HIPAA,  including  Phoenix  Health  Systems  of 
Gaithersburg,  Md.,  for  guidance. 

“They  can  translate  HIPAA  into  policy]’  Bixel  says. 
“Basically  you  have  to  look  at  medical  records  and  how 
secure  they  are.”  In  the  end,  he  says  it  boils  down  to  securi¬ 
ty  best  practices  and  common  sense. 

Another  hospital,  Denver  Health,  appointed  a  “HIPAA 
compliance  employee,”  a  nurse  whose  job  is  solely  to  study 
HIPAA  and  guide  the  IS  department  on  how  to  protect  and 
secure  data,  says  David  Boone,  the  hospital’s  IT  manager. 

HIPAA  is  leading  to  technology  changes.  Denver  Health, 
for  instance,  switched  from  having  its  doctors  and  nurses 
use  simple  passwords  for  network  authentication  to  using 
smart  cards  with  digital  certificates. 

“HIPAA  says  you  have  to  have  a  secure  password, and  the 
reason  we  went  to  smart  cards  is  that  it  takes  us  a  step 
beyond  what  the  regulations  mean,” Boone  says.The  hospit¬ 
al  uses  the  Gemplus  smart  card  combined  with  Microsoft- 
based  digital  certificates  for  authentication  on  what  Boone 
says  is  a  largely  Microsoft-based  LAN  infrastructure. 

As  part  of  its  effort  on  HIPAA,  Community  Health  Net¬ 
work,  a  hospital  group  in  Indianapolis,  deployed  the  Veri- 
cept  Acceptable  Use  Manager  at  its  Internet  gateway  to 
watch  for  any  sensitive  patient  information  that  might  be 
sent  out  electronically  whether  inadvertently  or  not. 

The  intention  is  to  work  with  employees  to  ensure  nec¬ 
essary  data  sharing  is  done  with  the  patients  privacy  in 
mind,  says  Dave  McClain,  IS  security  manager  at  Com¬ 
munity  Health  Network.  He  adds  the  Central  Indiana 
HIPAA  Working  Group,  which  holds  monthly  meetings  for 
area  hospitals,  has  helped  him  understand  the  regulation. 

HIPAA  isn’t  the  only  regulatory  elephant  in  the  room. 

The  national  hospital  accreditation  organization  known 
as  the  Joint  Commission  of  Accreditation  of  Healthcare  Or¬ 
ganizations  (JCAHO)  sends  in  an  inspection  team  at  least 
once  every  few  years  to  give  hospitals  a  thorough  check-up. 

“They  also  look  at  your  medical  records  and  how  secure 
they  are,”  Mount  Nittany  Medical  Center’s  Bixel  says.The 
accreditation  organization  wants  hospitals  to  have  central¬ 
ized  nurse  and  doctor  call  systems.  And  they  check  to 
make  sure  refrigerators  for  storing  medicines  and  patient 
lab  specimens  are  at  certain  temperatures  and  that  data  is 
logged  periodically 

That’s  done  manually  today  in  a  labor-intensive  process, 
but  JCAHO  requirements  have  Mount  Nittany’s  IT  staff  pon¬ 
dering  how  to  automate  the  process.  If  the  hospital  can  fig¬ 
ure  out  how  to  do  that  with  wireless  LANs,  it  will  be  anoth¬ 
er  example  of  regulation  driving  technology  adoption.* 
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A  KVM  switch  allows  single  or  multiple 
workstations  to  have  local  or  remote  access  to 
multiple  computers  located  in  server  rooms  or 
on  the  desktop  regardless  of  their  platforms 
and  operating  systems.  KVM  switches  have 
traditionally  provided  cost  savings  in  reducing 
energy  and  equipment  costs  while  freeing  up 
valuable  real  estate. 

Recognized  as  the  pioneer  of  KVM  switch 
technology,  Rose  Electronics  offers  the 
industry's  most  comprehensive  range  of 
server  management  products  such  as  KVM 
switches,  extenders  and  remote  access 
solutions.  Rose  Electronics  products  are 
known  for  their  quality,  scalability,  ease  of  use 
and  innovative  technology. 

Rose  Electronics  is  privately  held  with  world- 
headquarters  in  Houston,  Texas  and  sells  its 
products  worldwide  through  a  large  network  of 
Resellers  and  Distributors.  Rose  has 
operations  in  the  United  Kingdom,  Spain, 
Germany,  Benelux,  Singapore  and  Australia. 


SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 


Rose  Electronics 
10707  Standiff  Road 
Houston,  Texas  77099 


ROSE  US  +281  933  7673 

ROSE  EUROPE  +44  (0)  1264  850574 

ROSE  ASIA  +65  6324  2322 


UltraMatrix  Remote" 

REMOTE  MULTIPLE  USER 
KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 

•  Connects  1,000  computers  to  multiple  user  stations 
over  IP  or  locally 

•  High  quality  video  up  to  1280  x  1024 

•  Scaling,  scrolling,  and  auto-size  features 

•  Secure  encrypted  operation  with  login  and  computer 
access  control 

•  Advanced  visual  interface  (AVI) 

•  No  need  to  power  down  servers  to  install 

•  Free  lifetime  upgrade  of  firmware 

•  Available  in  several  models 

•  Easy  to  expand 

800  333  9343 


ROSE  AUSTRALIA  +617  3388  1540 


WWW.ROSE.COM 


UltraConsole 

PROFESSIONAL  SINGLE-USER 
KVM  SWITCH  SUPPORTS  UP 
TO  1000  COMPUTERS 


Connects  up  to  1000  computers  to  a  KVM  station 
Models  for  4,  8,16  computers 
Advanced  visual  interface  (AVI) 

Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 

Connects  to  PS/2,  Sun,  USB,  or  serial  devices 

Converts  RS232  serial  to  VGA  and  PS/2  keyboard 

Free  lifetime  upgrade  of  firmware 

Security  features  prevent  unauthorized  access 

Full  emulation  of  keyboard  and  mouse  functions  for  automatic, 

simultaneous  booting 

Easy  to  expand  _  _  _ 


ELECTRONICS 


How  Do  You 
Securely  Reboot 

via  IP? 

Sentry  Gives  You  Secure  Web/I P  Based  Remote  Site  Management 

"NEW!"  Secure  Shell  (SSHv2)  Encryption  « 
"NEW!"  SSLv3  Secure  Web  Browser « 
"NEW!"  Active  Directory  with  LDAP  « 
SNMP  MIB  &  Traps  « 
Integrated  Secure  Modem  « 
True  RMS  Power  Monitoring  « 
Outlet  Receptacle  Grouping  for  Dual-Power  Servers  « 
Fail-Safe  Transfer  Switch  for  Single-Power  Supply  Servers  « 
Power-up  Sequencing  Prevents  Power  In-rush  Overload  « 
Temperature  &  Humidity  Environmental  Monitoring  « 
Zero  U  &  Rack-mount  Models  « 
110/208  VAC  Models  with  30-Amp  Power  Distribution  « 
NEBS  Approved  -48  VDC  Models  Available  « 


Server  Technology 


Solutions  for  the  Data  Center  Equipment  Cabinet 


When  servers  and  network  devices 
in  the  data  center  lock-up,  network 
managers  need  fast,  secure  and 
reliable  tools  to  respond.  With 
Sentry™  Remote  Site  Managers, 
an  administrator  can  immediately 
reboot  a  remote  system  with  just 
a  few  mouse  clicks.  Sentry  also 
provides  accurate  input  current 
power  monitoring,  environmental 
monitoring  and  integrated  secure 
console  management  using  SSH. 


PT46 


Server  Technology,  Inc. 

.. 

Server  Technology,  Inc.  toll  free +1.800.835.1515 
1040  Sandhill  Drive  tel  +1.775.284.2000 

Reno,  MV  89521  fax  +1 .775.284.2065  ' 


;  .  www.servertech.com 

.  _  t  •  ■■■■;&£*, 

sales@senrertech.com 

\ 

©Server  Technology.  Inc.  Sentry  k a  trademark  of  Server  Technology 
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Celebrating  our  40th 
Year  in  DataCom 


“Keeping  the  Net. .Working! 


Reboot  your  Network  Equipment  via  Telnet,  Dial-Up  and  Local  Console 


Network  equipment  sometimes  "locks-up”  requiring  a 
service  call  just  to  flip  the  power  switch  to  perform  a 
simple  reboot.  The  NPS  Network  Power  Switch  gives 
network  administrators  the  ability  to  perform  this 
function  from  anywhere  on  the  LAN/WAN,  or  if  the 
network  is  down,  to  simply  dial-in  from  a  standard 
external  modem  for  out-of-band  power  control. 


Eight  (8)  Individual  Outlets 
Dual  15-Amp  Circuits 
Integrated  10-BaseT  Interface 
RS-232  Modem  and  Console  Ports 
Outlet-Specific  Password  Security 
Network  Security  Features 
Power-up  Sequencing 
Co-Location  Features 
Modem  Auto-Setup  Command  Strings 


Individually 
Programmable 
Outlet  Plugs  (8) 


lOBase-T  Ethernet 
Interface 


1 9”  Rack  Brackets 
Allow  Front,  Back,  or 
Center  Mounting 


By  Mark  Gibbs 
Network  World 
2/18/02 


Out-of-Band 

Management 


RS232 
Console  Port 


www.wti.com 


(800)  854-7226 


Dual  15  Amp 
Power  Circuits 


4  out  of  5  of  Fortune  Magazine’s  most  profitable  companies  purchased 
lltSearch  developer  or  multi-user  licenses  in  the  past  two  years. 
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Publish  Large  Document  Collections 
to  the  Web  or  to  CD/DVD 


♦  over  two  dozen  indexed,  unindexed,  fielded  &  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  &  PDF  while  displaying  embedded 

links,  formatting  &  ITmEM4.4 _ 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet, 
email,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 


dtSearch  Reviews... 

♦  “The  most  powerful  document  search  tool  on  the  market” 

—  Wired  Magazine 

Intuitive  and  austere  ...  a  superb  search  tool”  —  PC  World 

♦  “Blindingly  fast”  — Computer  Forensics:  Incident  Response 

Essentials 

♦  “A  powerful  arsenal  of  search  tools”  —  The  New  York  Times 

♦  “Covers  all  data  sources  ...  powerful  Web-based  engines” 

—  eWEEK 

♦  “Searches  at  blazing  speeds”  —  Computer  Reseller  News 
Test  Center 


See  www.dtsearch.com  for: 

%  hundreds  of  developer  case  studies  &  reviews 


fully-functional  evaluations 


The  Smart  Choice  for 
Text  Retrieval®  since  1991 
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Custom  Management  Levels 

OBSERVER 

•  Decode  over  500  protocols 

•  Long-term  network  trending  &  analysis 

•  Real-time  statistics 

EXPERT  OBSERVER 

•  What-lf  Modeling  Analysis 

•  Expert  Analysis 

•  Connection  Dynamics 

OBSERVER  SUITE 

•  Complete  SNMP  device  management 

•  Supports  full  RM0N1,  RM0N2,  HCRMON 

•  Web  Publishing  Reports 


Remote  &  Hardware  Options 

REMOTE  NETWORKING  PROBES 

•  Fully  distributed 

•  Monitor  up  to  64  NICs  simultaneously 

•  New  levels  of  problem  solving  collaboration 


GIGABIT  &  WAN  HARDWARE  OPTIONS 

•  Portable  analyzer  systems 

•  Rack-mount  Probes  ready  to  go 

•  Direct,  passive  link  for  independent  views 


Test-drive  the  new  Observer  9  today  and  see  how  it  immediately 
finds  problems  you  didn’t  know  you  had,  optimizes  network  traffic 
and  provides  insight  for  future  planning.  Call  800-526-5958  for 
a  full  featured  evaluation  or  visit  our  website  at 

www.networkinstruments.com/nine 


Introducing  Observer  9 

•  New  Application  Analysis 

•  Remote  probes  now  provide  multi-interface  and 
multi-session  support 

•  Industry-first  4GB  packet  capture  buffer 

•  Wireless  Site  Survey  Modes 

•  Nanosecond  resolution 


US  &  Canada  Toll  free:  (800)  526-5958  •  Fax:  (952)  932-9545  •  UK  &  Europe:  +44  (0)  1959  569880 


•  Now  over  450  Expert  Events 

•  SNMP,  RMON  and  now  HCRMON  support 


NETWORK* 


One  Network  Complete  Control  Wired  to  Wireless  •  LAN  to  WAN 


& 


OBSERVER 


OBSERVER 


& 


n  /  r.  /.  /  -  /  '/ 

OBSERVER 


www.networkinstruments.com/nine 

©  2004  Network  Instruments,  LLC.  All  rights  reserved.  Observer,  Network  Instalments  and  the 
Network  Instruments  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 


AdventNetj  www.opmanager.com 


FREE 

30  Day  Trial 
Download 


Luggage,  Fine  Leather  Goods, 
Gifts,  and  more! 

Tumi,  Hartmann,  Andiamo, 
Samsonite,  Cross 
10%  discount  for  Network 
World  readers 
Enter  code  NWW2004 


Climate  Monitor 

$389 


Ethernet/Web 

Temperature 
Air  Flow 
Humidity 
Door  position 
Sound 
Light  Level 
Power 

Video  optional 
16  external  sensors 


Rack  Mounted 

Monitor  Multiple  Cabinets 

HTML  (no  client  needed) 
SMTP  (e-mail  alerts) 
SNMP  (MIB,  Traps) 
Graphing 
Console 


O  IT  Watchdogs 

See  it  working  at:  www.ITWatchdogs.com 

http://63.237.104.17  512-257-1462 
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If  it’s  on  thelB  WORLDWIDE  PROVIDER 

network,-  -  •  *  OF  NETWORK 

vfe’vegotit!  HARDWARE 

i  h.  SINCE  19811 

•  NetWork  Hardware 

•babies  , 

I'  >rr 

•  Memory 

•  Accessories  fj 

salesOwrca.net  -  (800)699-9722x102 


OF  NETWORK 
HARDWARE 
SINCE  19811 


THE  NETWORK  SPECIALISTS 

WRC^NET 


FIBER  OPTIC  SOLUTIONS 

•  Tl/El  &  T3/E3  Modems 

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS400  Twinax,  and 
RS6000  Modems  and  Multiplexers 

•  LAN  -  Arcnet/Ethernet/Token  Ring 

•  Video/Audio/Hubs/Repeaters 

•  ISO  9001 

•  USB  Modem  and  Hub 


m  A 

<9.1,  <<  Ae«ro  m 

Toll  Free  866  SITeth  1 
630-761-3640.  Fax  630-761-3644 
www.sifeth-bifdriver.com  or  www.siiethfiber  tom 


IT  PROFESSIONALS 

Senior  Manager,  Strategy  and  Operations 

(Glen  Mills,  Pennsylvania  and  other  locations  through  the  U.S.).  Lead 
sales  pursuits  and  execution  of  re-engineering  projects  from  conception 
to  final  delivery  in  the  area  of  strategy  and  operations  as  well  as  supply 
chain  arid  procurement  assignments  for  clients  Responsible  for  industry 
and  client  financial  and  strategic  analysis,  modeling  and  business  case 
development.  Responsible  for  New  Product  Development  Stage  Gate 
Processes,  strategic  procurement  and  sourcing,  advertising  effective¬ 
ness.  SAP  Process  design  and  configuration  and  Trade  Promotion 
Management  within  the  Consumer  Business  Industry.  Manage  perfor¬ 
mance  of  projects  including  identification  of  issues,  root-cause  analyses, 
it.turing  of  solution  frameworks,  financial  analysis  and  modeling 
and  data  analysis.  Lead  vendor  discussions  and  negotiations,  and  act  as 
the  primary  interface  with  senior  client  executives.  Supervise  client 
change  management  programs,  including  enterprise-level  constructive 
communications.  Responsible  for  recruitment  of  engagement  teams, 
supervising  Consultants  at  various  levels,  providing  direction  to  the  team 
arid  providing  feedback  on  their  performance.  Responsible  for  systems 
selection  and  implementation,  including  ERP,  e-sourcing  and  new  product 
development.  Create  tools,  frameworks  and  methodologies  to  develop 
intellectual  capital.  Responsible  for  trade  promotions  management  includ¬ 
ing  best  practices  and  supporting  technology. 

The  wage  offered  is  $135,000  per  year.  The  work  schedule  is  Monday- 
Fnday,  9:00  am  to  5:00  pm.  The  minimum  requirements  are  as  follows: 
Bachelor's  degree  in  Business  Administration,  Operations,  Finance  or 
Management  +  7  years  of  experience  in  the  job  offered  or  7  years  of  expe¬ 
rience  as  a  Senior  Manager,  Manager,  Senior  Consultant,  Consultant, 
Account  Director,  Account  Manager,  Account  Executive  or  related  occu¬ 
pation.  Employer  will  regard  a  foreign  degree  to  be  equivalent  to  a  US 
Bachelor's  degree  as  determined  by  an  accredited  academic  credentials 
evaluation  service.  Related  experience  must  include  at  least  2  years  with 
Sales  and  Merchandising  Strategy  in  account  management,  SAP  process 
design  and  configuration.  Trade  Promotion  Management,  and  New 
Product  Development,  including  experience  with  the  Stage-Gate  process, 
strategic  sourcing  and  project  management  with  consumer  product  and 
retail  industry  segments  as  well  as  Consumer  Business  Strategy  and 
Operations. 

Please  send  your  resume,  referencing  Job  Order  Number  WEB448386  to 
the:  PA  Careerlink,  FLC  Unit,  235  W.  Chelten  Avenue,  Philadelphia,  PA 
19144.  EOE. 


IT  PROFESSIONALS 
Senior  Consultant 

(Glen  Mills,  Pennsylvania  and  other  locations  through  the  U.S.).  Perform 
accurate  analysis  and  effective  diagnosis  of  client  issues  and  manage 
day-to-day  client  relationships  and  project  teams.  Responsible  for  assist¬ 
ing  client  organizations  in  developing  roadmaps  to  establish  customer 
analytics  environment  and  support  business  growth.  Evaluate  the  existing 
customer  care  processes  including  Siebel  implementations  for  telecom¬ 
munications  industry  clients  and  define,  develop  and  deliver  training  pro¬ 
grams  to  enhance  user  acceptance.  Perform  business  process  reengi¬ 
neering,  strategic  planning  and  knowledge  management  related  to  devel¬ 
opment  and  implementation  of  new  business  and  system  processes. 
Define  systems  strategy,  develop  system  requirements,  administer  testing 
and  training,  and  define  support  procedures  for  systems  including  CRM 
systems  (Siebel),  and  application  portal  (Broadvision).  Identify  and  evalu¬ 
ate  control  structures,  especially  for  IT-enabled  processes.  This  includes 
identification  of  inadequate  practices,  testing  of  control  systems,  recom¬ 
mending  measures  for  improvement,  and  establishing  plans  for  ongoing 
monitonng.  Actively  evaluate  client's  systems  in  relation  to  the  competitive 
landscape,  identify  efficiency  frontier  and  develop  reinforcing  activities 
and  capabilities  for  sustainable  competitive  advantage. 

The  wage  offered  is  $95,000  per  year.  The  work  schedule  is  Monday- 
Friday,  9:00  am  to  5:00  pm.  The  minimum  requirements  are  as  follows: 
Bachelor's  degree  in  Computer  Science,  Engineering  (any),  Management 
Information  Systems  or  Business  Administration  +  2  years  of  experience 
in  the  job  offered  or  2  years  of  experience  as  a  Senior  Consultant, 
Consultant,  Systems  Analyst  or  related  occupation.  Related  experience 
must  include  at  least  two  years  of  consulting  experience  in  the  telecom¬ 
munications  industry  with  at  least  one  year  of  CRM  Systems  knowledge 
including  Siebel  development  and  Broadvision.  Please  send  your  resume, 
referencing  Job  Order  Number  WEB448348  to  the:  PA  Careerlink,  FLC 
Unit,  235  W.  Chelten  Avenue.  Philadelphia,  PA  19144.  EOE. 


Recognition  Algorithms  Dev 
Engineer  -  Recognition  problem 
classification  w/respect  to  real- 
life  images  &  analysis  of  system 
requirements.  Mathematical  for¬ 
malization  of  specific  recognition 
problems  using  Probability 
Theory,  Neural  Networks, 
Pattern  Recognition  & 
Metastroke  Theory.  Develop¬ 
ment  of  program  architecture  & 
interfaces.  Development  of  algo¬ 
rithms  of  statistical  data  analy¬ 
sis.  Image  processing  algo¬ 
rithms,  algorithm  &  SW  develop¬ 
ment  for  field  location  on  forms, 
form  removal,  document  struc¬ 
ture  analysis,  phrase  &  word 
segmentation.  Implementation 
of  algorithms  using  C/C++  & 
Assembler  in  actual  recognition 
products.  Tuning  &  customiza¬ 
tion  of  recognition  products  for 
specific  data  sets.  Optimization, 
support  &  improvement  of  the 
code  for  Win  &  UNIX  platforms. 
BS  Comp  Sci  or  related  field  + 
working  knowledge  of  Algo¬ 
rithms  development  &  imple¬ 
mentation:  Probability  Theory, 
Statistics,  Neural  Networks  and 
Metastroke  Theory;  Document 
analysis  for  handwriting  recogni¬ 
tion;  C/C++  &  Assembler.  $70k / 
yr.  M-F  40  hrs/wk.  Boulder,  CO. 
Must  have  proof  of  legal  author¬ 
ity  to  work  permanently  in  U.S. 
Application  by  resume  only  to 
Workforce  Development  Prog¬ 
rams,  PO  Box  46547,  Denver, 
CO  80202.  Ref  job# 
CO5088878. 


SENIOR  SOFTWARE  ENGI¬ 
NEER.  Responsible  for  design  of 
back  end  products  (Service 
Monitor)  used  by  company's 
major  products.  Design  XML/COM 
property  set  based  communication 
architecture  between  back  end 
and  high  level  front  ends  using 
Visual  Basic  script.  Design  silent 
script  based  setup  program  for 
remote  deployment.  Design 
libraries,  programming  tools  and 
unit  testing  tools  for  Service 
Monitor  programming  environ¬ 
ments.  Supply  samples  and  pro¬ 
gramming  guidelines.  Responsible 
for  technical  lead  and  training 
with  Microsoft  technologies,  Visual 
Basic  and  Visual  C++  multitier 
applications  using  WIN32,  ATL, 
COM,  COM+  and  .NET. 
Responsible  for  WIN32  and  COM 
design  and  programming  techni¬ 
cal  support.  40  hrs/wk.  Bachelors 
degree  in  Computer  Science.  4 
yrs.  exp.  in  job  offered  or  4  yrs. 
related  exp.  in  software  engineer¬ 
ing  and/or  consulting. 
$101,008/yr.  Apply  at  the  nearest 
Employment  Security  Commission 
office  of  North  Carolina  or  submit 
resume  to  Employment  Security 
Commission,  742-F  East  Chatham 
Street,  Cary,  NC  27511.  J.O.  # 
NC5705907  and  DOT  code 
030.062-010.  All  resumes  must 
include  applicant’s  Social 
Security  Number.  AD  paid  by 
an  Equal  Opportunity  Employer. 


Seeking  qualified  applicants  for 
the  following  positions  in  Mem¬ 
phis,  TN:  Senior  Business  Sys¬ 
tems  Analyst.  Develop  major 
applications  systems  require¬ 
ments.  testing  and  controls. 
Requirements:  Bachelor's  de¬ 
gree  or  equivalent*  in  business, 
computer  science,  engineering, 
mathematics,  MIS  or  related 
field,  plus  5  years  of  experience 
in  systems  planning  and  design 
or  systems  development  and  int¬ 
egration.  Experience  with  main¬ 
frame  systems  support,  invoic¬ 
ing/revenue  testing,  and  writing 
and  executing  test  plans  and 
test  scripts  also  required.  "Mas¬ 
ter's  degree  in  appropriate  field 
will  offset  2  years  of  general 
experience.  Submit  resumes  to 
David  Hanks,  Federal  Express 
Corporation,  3680  Hacks  Cross 
Road,  Bldg  H,  1st  Floor,  Mem¬ 
phis,  TN  38125.  EOE  M/F/D/V. 


Oracle  Clinical  Consultant  to 
plan,  design  study  in  Oracle 
Clinical  4.0;  develop  DCMs, 
remote  data  entry  screens,  DCIs 
etc;  design,  develop  validation 
procedures  using  PL/SQL  in 
Oracle  Clinical's  validation  mod¬ 
ule;  develop  SAS,  SQL  views 
using  TOAD,  SAS,  Oracle  Clin¬ 
ical;  perform  CRF  designing, 
database  building,  randomiza¬ 
tion,  query  resolution,  reporting, 
subject  randomization  algo¬ 
rithms  using  Oracle  Clinical, 
Normlab,  SAS,  SPSS,  Adobe 
Framemaker.  Require:  MS  in 
CS,  Computer  Engg  or  Statistics 
and  6  months  exp  in  Oracle  Clin¬ 
ical,  SAS.  Competitive  salary, 
F/T,  travel  involved.  Resumes 
to:  Scott  Bryant,  Judge  Tech¬ 
nical  Services,  Inc.  3  Davol 
Square,  Suite  3A,  Providence, 
Rl  02903. 


COMPUTER 

T&T  Solutions  seeks 
Software  Engineers,  Sr. 
Software  Engineers, 
Systems  Analyst,  Or¬ 
acle  Apps.,  technical 
consultants  etc.  Salary 
commensurate  w/edu- 
cation  &  exp.  Fax 
resume  to  (818)  676- 
1272  or  e-mail  to 
iobs@ttsus.com  c/o  HR 
Dept. 


SYSTEMS  ANALYST 
-  Udr.  sprvsn.  analyze 
usr.  telecomm,  reqs. 
to  install  &  improve 
syst.  Req:  BS  in  CS 
or  Comp.  Info.  Sys.  & 
fluency  in  Japanese  & 
English.  Resumes: 
Syscom  USA,  Inc.  55 
Broadway,  17th  Floor, 
NY,  NY  10006.  Attn: 
S.  Sato. 


Denso  Manufacturing  is  looking 
for  Process  Engineer  responsi¬ 
ble  for  heat  exchange  process 
introduction  (Evaporator  area) 
including  jig  specs,  control 
plans,  ergonomics,  leaks  & 
scrap  improvement.  Min  is  BS 
with  exp  in  XRD,  Unix.  Send 
resumes  to  One  Denso  Rd, 
Battle  Creek,  Ml  49015.  EOE. 

K&M  Softech  is  looking  for  pro¬ 
grammer/system  system,  soft¬ 
ware/project  engineers,  IT  pro¬ 
fessionals.  Both  entry  &  experi¬ 
enced  levels  needed.  Some 
positions  require  travel.  Skills  in 
C/++,  VB,  Oracle,  SAP,  SQL, 
Java  are  plus.  Please  send 
resumes  to: 

Recruit@kmsoftech.com.  EOE. 


Systems  Analyst  II,  BS  in 
Comp.  Sci.  or  rel  field  +  2 
yrs  rel  exp,  incl  exp 
w/GAAP  principles,  insur¬ 
ance  &  mortgage  business 
concepts  &  calculations  & 
s/ware  dvlpmt  using 
Windows  or  Intranet/ 
Internet  platforms.  Demon¬ 
strated  oral  &  written  com¬ 
munication  skills.  Send 
applications  to  Tej  Dhawan, 
1601  -  48th  St.,  Ste.  220, 
West  Des  Moines,  IA 
50266. 


In-Venture  Soft  is  seeking  IT 
consultants  to  design  &  devel¬ 
op  applications  for  various  pro¬ 
jects.  Applicants  must  have 
BS/MS  with  solid  background 
in  Oracle,  WebSphere,  Java, 
EJB,  ASP.  We  offer  competitive 
wage  with  full  benefit.  Travel 
maybe  required.  Apply  at 
resume@ivsinc.net.  EOE. 

RouteOne,  a  joint  venture  dev¬ 
eloped  to  create  a  more  effi¬ 
cient  automotive  finance  pro¬ 
cess  for  dealers,  has  openings 
for  IT  professionals  to  develop 
Java  applications.  Qualified 
applicants  must  have  BS/MS 
with  IT  experience.  Please  con¬ 
tact  careers@routeone.com. 
No  calls.  EOE. 


Information 

Overload? 


Take  a  break  at 
itcareers.com 
and  take  the 
hassle  out  of  job 
searching! 


www.itcareers.com 


LOOKING  FOR  A  NEW 


IT  CAREER? 


CHECK  US  OUT  AT: 


WWW.ITCAREERS.COM 
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Programmer  Analysis  to  ana¬ 
lyze.  design,  test,  implement 
and  maintain  software  systems 
in  client  server  envir  using  C, 
Java,  HTML,  VB,  ORACLE,  MS 
Access,  etc  under  Windows. 
UNIX  OSs;  write  documentation 
to  describe  program  develop¬ 
ment  and  logic;  perform  onsite/ 
offsite  maintenance,  debugging, 
testing,  and  code  optimization. 
Require:  BS  or  foreign  equiv  in 
CS/Engineering  (any  branch) 
with  2  yrs  exp  in  IT.  Competi¬ 
tive  salary,  F/T,  travel  involved. 
Resume  to  HR,  Ordusion  Tech¬ 
nologies,  Inc,,  3883  Rogers 
Bridge  Road.  Suite  504,  Duluth, 
GA  30097. 


Sr.  Database  Specialist,  North¬ 
ern  VA  and  unanticipated  client 
locations  in  the  U.S.,  needed  to 
install,  implmt.,  maintain  &  cus¬ 
tomize  DB2  on  OS/390.  Win¬ 
dows  and  UNIX  platforms.  Incl. 
related  ISV  program  products  & 
config.  of  SNA  &  IP  netwk'g 
between  platforms.  Provide  task 
mgmt.  to  d-base  specialists. 
Req  B  S.  in  CS,  EE.  Comput¬ 
ing,  or  Math.  Must  have  8+  yrs  of 
work  exp.  in  job  or  as  a  DBA  & 
knowledge  of  DB2  internals, 
DB2  DDF,  BMC  tools,  DB2  tun¬ 
ing/design/security/backup  &  re¬ 
covery.  40  hr/wk.  OT  as  needed. 
Send  copy  of  ad  w/resume  to 
Networking  for  Future,  Inc.,  Attn: 
H.  Fatemi,  1420  Spring  Hill  Rd., 
Ste.  600,  McLean,  VA  22102. 


Software  Engineer- 
Applications 

Design  and  develop  software 
application  solutions  for  the  in¬ 
vestment  banking/financial,  tele¬ 
com  and  IT  Industries.  Must 
have  Masters  Degree  in  Compu¬ 
ter  Science  or  in  a  related  field  & 
2  yrs.  exp.  or  2yrs.  exp.  in  a 
related  position  w/ability  to  use: 
JavaScript,  Struts,  Lynx  Frame¬ 
work,  and  Pro’C.  40.0  hrs./wk 
8:00  AM  -  6:00  PM. 

Applicants  send  cover  letter 
and  resume  to:  Cyber  Korp, 
lnc.,400  West  Lake  Street.  Suite 
216,  Roselle  IL  60172-3572, 

Attn:  HR  MGR. 


Sr.  Systems  Analyst/Project  Mgr. 
needed  to  lead  analysis  of  client 
bus.  process/acctg.  require¬ 
ments  for  implement,  of  custom 
ERP  business/acctg.  software. 
Requires  degree  +  exper.  & 
Microsoft  Navision  certification. 
Exper.  must  incl:  Gap-fit  anal, 
reporting;  Microsoft  C/SIDE  pro¬ 
gramming;  demonstrated  under¬ 
stand.  of  gen  acctg  proce¬ 
dures  Based  in  Santa  Monica. 
CA  -  Travel  up  to  80%  to  client 
sites  in  N.  CA  &  S.  CA.  Send 
resume  to:  S.  Mauser.  Special¬ 
ists  in  Custom  Software,  2120 
Colorado  Ave.,  Suite  150,  Santa 
Monica,  CA  90404.  Must  be  able 
to  work  without  employer  spon¬ 
sorship. 


Principal  Software  Engineer:  Pri¬ 
mary  responsibility  for  the  devel¬ 
opment  of  networking  software 
Responsible  for  functional  spec 
dev,  arch  design,  implementa¬ 
tion  and  verification.  MS  or  for¬ 
eign  equiv.  in  EE  or  CS  plus  5  yr. 
exp.  that  must  include  3  yr.  with 
one  or  more  network  protocols 
including  IP,  TCP,  ARP,  DHCP, 
DNS.  SNMP.and  firewall.  .  Must 
be  familiar  with  IP  QOS  proto¬ 
cols  and  RFCs.  Must  have  dev¬ 
elopment  exp.  with  Linux,  and  in 
C/C++.  Please  send  resume  to 
Ucentric  Systems,  2  Clock  Tow¬ 
er  Place,  Suite  550,  Maynard, 
MA  01754,  Attn  to  Pat  Riley. 


Sr.  Software  Developer 
needed  to  provide  solutions 
to  business  &  technical 
problems;  dsgn  &  dvlp 
applic  s/ware  using  Unix,  C, 
C++,  Java,  Oracle,  VB, 
UML,  TCP/IP  &  Win  NT; 
dsgn  &  dvlp  automation 
systms  on  client-server 
architecture  apply  OO  tech¬ 
niques.  Resume  to:  Global 
Consultants,  Attn:  Hireme, 
8800  Grand  Oaks  Circle, 
Ste  100,  Tampa,  FL  33637. 


Support  Mgr.  Dallas,  TX.  Man¬ 
age  team  of  prof,  support  con¬ 
sultants  &  provide  back  end 
support  in  deployment,  installa¬ 
tion  &  troubleshooting  of  Amtrix 
&  TSIB;  liaison  w/develop. 
team  in  integration,  stress  & 
load  testing  of  Amtrix  &  TSIB 
Use  Weblogic,  Exceed,  AMTrix 
&  TSIB;  Oracle  8i  &  9i  on  Unix 
&  WinXX  OS.  Req:  BS  in  comp 
sci  &  1  yr  exp  AMTrix  integra¬ 
tion,  configuration,  support  & 
troubleshooting.  Resumes  to: 
M.  Williams,  Viewlocity,  Inc., 
3475  Piedmont  Road,  Suite 
1700,  Atlanta,  GA  30305. 


Software  Developer  -  Austin, 
TX.  Use  SI  corp  standard  dev 
tools  &  project  method  to  devel¬ 
op.  install  &  test  solutions  to 
specific  user  tech  &  bus.  prob¬ 
lems  within  context  of  SI  Bank 
products  using  Borland  Delphi  7. 
Req:  BS  comp  sci,  engg,  or 
related,  2  yrs  consultant  or 
engg.  &  knowledge  of  Delphi, 
java,  UML  design  tools,  ISS, 
SQL,  and  ClearCase.  Perm  US 
workers  only.  Resume  to  N. 
Green  (TX),  SI,  Inc.,  3500 
Lenox  Rd..  Ste  200,  Atlanta,  GA 
30326 


COMPUTER  PROFESSIONALS 
Opportunities  for: 

•  SYSTEMS/BUSINESS/ 
PROGRAMMER  ANALYSTS 

•  PROCESS  CAPABILITY 
ANALYST 

•  QC  ANALYST 

•  WEB  ARCHITECTS/ 
DEVELOPERS 

•  SYSTEMS  ANALYSTS 

•  WEB  GRAPHIC  DESIGNERS 

•  NETWORK  ENGINEERS 

•  PROGRAMMER/ANALYSTS 

•  SOFTWARE  ENGINEERS 
SKILLS: 

•  COLD  FUSION  •  SPECTRA 

•  ORACLE  •  VISUAL  BASIC 

•  VISUAL  C++  •  SIEBEL  •  ASP 

•  COM,  DCOM  •  JSP  •  HTML 

•  JAVA.  JAVA  BEAN  •  EJB  JAVA 
SERVLETS  •  WEBSPHERE 

•  IBM  MQ  SERIES  •  XML. UML 

•  MTS  •  CLARIFY  •  PERL 

•  OBJECTPERL  •  SPYPERL 

•  SMALLTALK  •  PL/SQL 

•  VISUAL  AGE  •  COBOL,  SPL. 
UNIX 

Visit  our  website  @ 
www.computerhorizons.com 
Attractive  salaries  and  benefits. 
Please  forward  your  resume  to: 
H.R.  Mgr.,  Computer  Horizons 
Corp.,  49  Old  Bloomfield 
Avenue,  Mountain  Lakes,  New 
Jersey  07046-1495.  Call 
973-299-4000.  E-mail:  jobs@ 
computerhorizons.com.  An 
Equal  Opportunity  Employer  M/F. 


Software  Development  Manager 
-  provide  business  software  de¬ 
velopment  solutions  for  Fortune 
500  clients;  engage  in  business 
modeling,  analysis  &  design  of 
complex  software  applications; 
architect  &  manage  J2EE  solu¬ 
tions  for  clients  in  the  areas  of 
portals,  Content  Management 
and  Business  intelligence/Data 
Warehousing  using  Cognos 
ReportNet,  Crystal  Reports  &  J 
Reports;  lead  a  team  of  ana¬ 
lysts/engineers  in  the  design, 
development,  testing  &  deploy¬ 
ment  of  custom  Cognos  Re¬ 
portNet  on  IBM  Websphere  plat¬ 
form  using  J2EE;  implement  all 
Rational  tools  including  Requi¬ 
site  Pro,  XDE,  ClearCase  & 
Clearquest;  mentor  develop¬ 
ment  teams  in  technical  aspects 
of  J2EE,  ATG-Dynamo,  SAP, 
Cognos  &  Websphere.  Requires 
BS  (or  MS)  in  computer  science, 
information  systems  or  engi¬ 
neering  plus  5  YR  progressive 
exp.  (3  years  with  MS).  Email 
resumes  to  Command  Technolo¬ 
gies,  Inc.,  an  MTC  Technologies 
Company,  at: 

ddubinskas@commtechinc.com 


Prog/Analysts  to  analyze,  des¬ 
ign  software  appls  using  C, 
C++,  Compile  Tools,  Oracle, 
lnformix-4GL,  Informix  Online, 
SQL  Server,  OR  Java,  JSP, 
Servlets,  XML,  ASP,  Visual 
Basic,  EJB,  JavaScript,  HTML, 
DHTML  -  under  Windows,  UN¬ 
IX  OSs;  design  APIs  for  back¬ 
up/recovery  framework;  pro¬ 
vide  on  site  maintenance  sup¬ 
port  such  as  debugging,  modifi¬ 
cations,  fine  tuning  &  code  opti¬ 
mization.  Require:  BS  or  foreign 
equiv.  in  CS/Engg.(any  branch) 
&  2  yrs  of  exp.  in  IT.  F/T.  com¬ 
petitive  salary.  Travel  involved. 
Resumes  to:  HR,  Semafor 
Technologies,  Inc.,  3300,  Hol¬ 
comb  Bridge  Road,  Ste212, 
Norcross,  GA  30092. 


Computer  Programmer/ 
Analyst  wanted  by  IT 
company  located  in 
Southfield,  Ml.  Must 
have  B.S.  in  Computer 
Science  and  1  1/2  years 
exp.  Respond  to:  Atrient 
Technologies,  P.O.  Box 
250575,  West  Bloom¬ 
field,  Ml  48325. 


Chief  Information  Officer  position  in 
large  multi-platform  data  center  responsi¬ 
ble  for  providing  leadership  to  high  perfor¬ 
mance  management  team  in  complex 
social  services  agency. 

Represents  agency  in  meetings  with  fed¬ 
eral,  state  and  legislative  officials. 
Requires  current  technical  experience 
and  demonstrated  expertise  supporting 
IBM  ES9000  MVS/ESA/IMS/DB2, 

UNISYS  A19MCP/DMSII, 
AlX/Unix/Orade,  and  LAN/Novell. 
Experience  with  internet  applications 
design  and  development,  desired. 
Background  and  experience  with  federal 
oversight  agencies  is  highly  desirable. 
Demonstrated  success  in  public  adminis¬ 
tration  with  associated  regulatory  and 
state  oversight  entities  highly  desirable. 
Requires  interaction  with  stakeholders 
and  external  interested  parties  regarding 
complex,  highly  visible  projects. 
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CHILDREN 
&  FAMILIES 


Chief  Information  Officer 

Requires  effective  interaction  with  customers  and  developers  to 
ensure  the  successful  delivery  and  implementation  of  projects, 
updates  and  modifications  to  the  production  environment.  Must 
be  able  to  work  effectively  with  senior  departmental  managers 
as  well  as  executives  with  other  state  agencies  to  achieve 
smooth  and  timely  project  development  and  conversion  for 
clients.  Desire  strong  background  and  demonstrated  success  in 
deploying  productivity  tools  for  workforce  and  agency  process¬ 
es.  Responsible  for  charting  agency  strategic  direction  in 
client/server  and  distributed/decentralized  processing 
Qualifications:  Excellent  organizational,  analytical,  writing  and 
public  speaking  skills  are  desired.  A  bachelor's  degree  from  an 
accredited  college  or  university  and  progressively  responsible 
leadership  experience  in  analytical  and/or  technical  data  pro¬ 
cessing  fields.  Prefer  experience  in  a  managerial  capacity  for  a 
medium  to  large  data  center.  Experience  as  described  above 
can  substitute  on  a  year-for-year  basis  for  the  required  college 
education. 

Submit  resume  and/or  State  of  Florida  employment  appli¬ 
cation  to:  Jo  Moore,  Department  of  Children  &  Families 
Technology  Centre,  1940  North  Monroe  Street,  Suite  80, 
Tallahassee,  Florida  32399-0710;  FAX  (850)  487-8173; 
Jo_Moore@DCF.State.FL.US  DEADLINE:  5  P.M., 

September  8,  2004.  EEO/AA  Employer/Veterans  Preference. 
Those  persons  who  require  special  accommodations  during  the 
selection  process,  should  call  Jo  Moore  at  (850)  487-8169. 


Software  Engineer-Applications. 
Sought  by  Englewood  Colorado 
consulting  company  to  work  in 
various  unanticipated  locations 
throughout  the  U.S.  Duties:  De¬ 
velop,  create  and  modify  gener¬ 
al  computer  applications  soft¬ 
ware  or  specialized  utility  pro¬ 
grams.  Analyze  user  needs  and 
develop  software  solutions.  De¬ 
sign  software  or  customize  soft¬ 
ware  for  client  use  with  the  aim 
of  optimizing  operational  effi¬ 
ciency.  Analyze  and  design  da¬ 
tabases  with  an  application 
area.  Use  of  Novell,  Visual  Bas¬ 
ic,  C++,  PowerBuilder,  Java, 
ASP,  PL/SQL,  SQL,  SQL  Server 
and  Windows  NT.  Reqs.  Mas¬ 
ters  or  equivalent  in  Computer 
Science,  Computer  Engineering, 
Engineering  (any  field)  or  relat¬ 
ed  field.  Plus  1  year  in  the  job  of¬ 
fered  or  1  year  in  a  related  occu¬ 
pation,  including  Programmer 
Analyst,  Systems  Engineer  or 
Software  Engineer.  Will  accept  a 
Bachelors  degree  plus  five 
years  of  progressive  experience 
in  the  field  or  related  occupation 
in  lieu  of  required  education  and 
experience.  $73,231 . 00/year, 
40/hrs/wk,  8AM-5PM.  Respond 
by  resume  to  WORKFORCE 
DEVELOPMENT  PROGRAMS. 
PO  Box  46547,  Denver,  CO 
80202,  and  refer  to  Job  Order 
No.  CO5088416. 


IT  PROFESSIONALS 
Technical  Consultant 

(Glen  Mills,  Pennsylvania  and  other  locations  through  the  U.S.).  Provide 
technology  consulting  services  for  public  sector  engagements  involving 
implementation,  testing,  development,  maintenance  and  enhancement  of 
software  packages  and  applications  utilizing  Object-Oriented  design  and 
analysis,  Oracle  9i,  MS  SQL,  Javascript,  Java,  VB  Script,  CGI  scripting, 
server  administration  skills,  Visual  Basic,  C,  C++  and  Pascal,  as  well  as 
IBM  MQ  Series,  PAM  and  Solaris.  Participate  in  formulating  and  defining 
computer  information  systems  scope  and  objectives  through  research 
and  fact-finding  to  develop  or  modify  information  systems  tailored  to  client 
management  requirements.  Prepare  detailed  technical  and  business 
requirements  from  which  software  will  be  written.  Analyze  and  revise 
existing  system  logic  and  documentation.  Supervise  systems  analysts 
and  programmers  conducting  any  of  the  above  activities. 

The  wage  offered  is  $75,780  per  year.  The  work  schedule  is  Monday- 
Friday,  8:30  am  to  5:00  pm.  The  minimum  requirements  are  as  follows: 
Bachelor's  degree  or  foreign  equivalent*  in  Computer  Science, 
Engineering  (any  type),  Management  Information  Systems.  Computer 
Information  Systems  or  Math  +  2  years  of  experience  in  the  job  offered  or 
2  years  of  experience  as  a  Consultant,  System  Analyst,  Web  Developer, 
Database  Administrator  or  Programmer.  Prior  consulting  and 
project/team  management  experience  must  include  system  analysis, 
design,  implementation,  testing  and  deployment  for  Public  Sector  client 
engagements  using  Object-Oriented  design  and  analysis,  Oracle  9i,  MS 
SQL,  Javascript,  Java,  VB  Script,  CGI  scripting,  server  administration 
skills,  Visual  Basic,  C,  C++,  Pascal,  as  well  as  IBM  MQ  Series,  PAM  and 
Solaris. 

•Employer  will  regard  a  foreign  degree  to  be  equivalent  to  a  U.S. 
Bachelor's  degree  as  determined  by  an  accredited  educational  evaluation 
service. 

Please  send  your  resume,  referencing  Job  Order  Number  WEB447614  to 
the:  PA  CareerLink,  FLC  Unit,  235  West  Chelten  Avenue,  Philadelphia,  PA 
19144.  EOE. 


COMPUTER  PROFESSION¬ 
ALS:  Radiant  Systems,  Inc.  a 
Nationwide  Technology  provider 
located  in  NJ.  CT,  TX  &  FL  req 
Professionals  w/  Hardware  &/or 
Software  skills  Incl:  C,  C++, 
Java,  JavaScript,  XML,  UML, 
Perl,  HTML,  SQL,  Pro*C,  VB, 
PB,  VC++,  MFC,  SDK,  Gupta- 
SQL,  Informix,  Crystal  Reports, 
Sybase,  Dev  2000.  LotusNotes, 
Unix,  WinNT/95/XP,  RTOS,  Sun 
OS,  Help  Desk/PC-Support, 
SAP,  R/2-R/3,  ABAP/4,  SAP 
Scripts.  PeopleSoft.  IDMS, 
AS/400,  COBOL/CICS/  DB2, 
MVS,  RPG/400,  SQA,  Win/ 
LoadRunner,  SNMP,  COBRA, 
ASP,  Active-X,  DTM/TDMA, 
FDMA,  Routers,  DSP/ATM, 
FRAME  RELAY,  TCP/IP,  ISDN, 
DCOM,  COM,  PL/1,  SAS,  Vx- 
Works,  VHDL,  SONET/  SDH, 
SNMP,  HP  OpenView,  Proj  Mgr 
Tech  Writers  Candidates  w/a 
BS(or  equiv)  &  2yrs  exp.  as  P/A 
and/or  MS  (or  equiv)  &  lyr  exp. 
as  S/E.  Travel  &  reloc.,  req.  to 
anywhere  in  USA  as  assigned. 
Excel.  Benefits.  E-Mail:  radi- 
ants@radiants.com  Attn:  H.R 
Dept.  1 09-A  Corporate  Blvd.,  S. 
Plainfield,  NJ  07080. 


IT  PROFESSIONALS 
Senior  Consultant 

(Glen  Mills,  Pennsylvania  and  other  locations  through  the  U.S.).  Respon¬ 
sible  for  the  analysis,  design,  development,  testing  and  implementation  of 
Data  Warehouse,  Data  Mart  and  Business  Intelligence  solutions  and 
other  related  application  development  to  ensure  that  implementations 
meet  technical  requirements,  including  those  for  performance,  and  disas¬ 
ter  recovery.  Responsible  for  gathering  functional  requirements,  defining 
technical  architecture,  system  implementation  and  client  management. 
Utilize  technical  expertise  in  all  stages  of  the  software  development  life 
cycle,  including  the  planning,  analysis,  design,  development,  and  testing 
stages.  Perform  logical  and  physical  data  modeling,  optimize  database 
performance,  and  develop  backup  and  disaster  recovery  strategies.  Util¬ 
ize  PL/SQL  to  combine  database  and  procedural  programming  language 
in  Oracle.  Responsible  for  writing  technical  documentation  of  projects  and 
transferring  knowledge  to  clients  in  order  to  support  the  application  upon 
completion  of  the  project.  Responsible  for  logical  and  physical  data  mod¬ 
els  for  Data  Warehouses  and  Data  Marts  utilizing  ERWin,  designing  uni¬ 
verses  and  reports  utilizing  Business  Objects  and  Web  Intelligence  On¬ 
line  Analytical  Processing  (OLAP)  tool,  and  data  extract,  transform  and 
load  (ETL)  functions  using  Informatics.  Participate  in  the  installation,  con¬ 
figuration.  design  and  development  of  Relational  Database  Management 
Systems,  including  Informix,  Sybase  and  Oracle  systems  as  well  as  the 
Business  Objects  and  Web  Intelligence  OLAP  tool  and  Informatica  ETL 
tool.  The  wage  offered  is  $92,000  per  year. 

The  work  schedule  is  Monday-Friday,  8  00  am  to  5:00  pm.  The  minimum 
requirements  are  as  follows:  Bachelor's  degree  or  equivalent  in  Computer 
Science,  Engineering  (any)  or  Business  Administration  +  5  years  of  expe¬ 
rience  in  the  job  offered  or  5  years  of  experience  as  a  Senior  Consultant, 
Consultant.  Engineer  or  related  occupation.  Employer  will  regard  a  for¬ 
eign  degree  to  be  equivalent  to  a  U  S.  Bachelor’s  degree  as  determined 
by  an  accredited  credentials  evaluation  service  Related  experience  must 
include  at  least  one  year  with  Relational  Database  Management  Systems 
(Oracle,  Informix  and  Sybase),  SQL,  PL/SQL.  ERWin  for  data  modeling, 
Business  Objects  and  Web  Intelligence  OLAP  tool,  and  Informatica  for 
data  extraction,  transformation  and  loading  (ETL).  Please  send  your 
resume,  referencing  Job  Order  Number  WEB447641  to  the  PA  Career- 
link,  FLC  Unit,  235  W.  Chelten  Avenue,  Philadelphia,  PA  19144.  EOE 


NWOea004£/MW/W  2 


Computerworld  •  InfoWorld  •  Network  World  •  August  30,  2004 


YOUR  HANDS 


THE 
WORLD’S 
BEST 
IT  TALENT 

IS  AT 
OUR  SITE. 


CHECK  US  OUT  AT: 
WWW.ITCAREERS.COM 
OR  CALL:  (800)  762-2977 


Computerworld  •  InfoWorld  •  Network  World  •  August  30,  2004 


NW083004E/MW/W  3 


h 


L  www.nwfusion.com 


8/30/04 


NetworkWoridES 


NetworkWorld 


Editorial  Index 


■  A 

■  N 

Aruba  Wireless  Networks 

1? 

Netezza _ 

19 

ATAT  

1.95 

Nextel 

95 

NTT  DoCoMo _ 

_ 26_ 

■  C 

Cast-Iron  Systems.. 

21 

■  P 

Cisco 

R,  19,  16 

Packard  Rpll 

98 

■  E 

■  Q 

EMC. 

IQ 

Qwest 

95 

■  F 

■  R 

FrontBndpe  Technologies 

17 

Radware 

17 

Fujitsu _ 

R,  96 

■  G 

■  s 

S2io 

19 

filnhal  Crossing 

96 

.SRC 

_ a_ 

■Smartl  ine 

on 

■  H 

Sprint 

a 

Hitachi _ 

in 

Sun 

19 

HP 

91 

■  1 

■  T 

loshiha 

2a- 

IBM _  .  . 

19.  98.  48 

Intel  _ 

_ ia_ 

■  V 

VeriSign 

95 

■  J 

Verizon 

_ 25_ 

Jumper  . 

17 

Vnnage 

95 

■  L 

■  w 

1  inksys _ 

95.  30 

WilTel  Qnmmnnicatinns 

95 

■  M 

■  X 

MailFrontier 

21 

Xiotech 

ia 

MCI 

Microsoft 


26 


.  90.  37 


Advertiser  Index 


Advertiser 

AdventNet  I  nr. 
Apple  Computer  Inr 
dtSearch  Corp 


Page  # 


www.opmanagfir.c:nm 

Yww.apple.com/xserve 

www.dl.search.cnm 


EMC  Corp  . 


23  www.emc.com/forumsenes 


Executive  Software 


24  www  executive  rnm/nw<;k34 


Foundry  Networks 


SI  www.fni  inrlrynetwnrks.r.nm/fRx 


Hewlett  Packard 


9-3  www  hp  rnm/infn/stnragpwnrks  ilm 


Hewlett  Packard 


52www  hp  rom/Qo/mfppromotions 


IBM  Crap  


IS  ihmrnm/miririlpwarn/infnrrnatinn 


IT  Watchdogs 


£L 


www.ITWatrhrinQS.rnm 


Junipfir  Networks  Inr  . 


jiinipprnptwnrksr.nm 


lantrnnix 


www.lantrnnix.nnm 


Microsoft  Cnr.p 


27  www.mirrnsnft.rnm/spn  inty/it 


Mirrnsoft  Cnrp 


34 wwwmirrnsntt  r.nm/fnrrpstpr 


Nptwnrk  Instmmpnts  I  I  C  43  www.nptwnrkinslriimpnts.nnm/nine 


Quantum  Corp 


Rasp  Fterlrnnios 


www  rnsp  rnm 


SAP 


san.nnm/nptweayfir 


Server  Tectinotopy 


www  spruprtprh  rnm 


SI  Tech 


www  Ritpch-hitrirtver.cnm 


SomcWALL 


11  wwwsnmrwall.rnm/hnmp ’rpspllerasn 


VenSipn  Inc 


www  vprisiqn  rnm/sprurity 


Western  Tplpmatir.  Inr 


42 


www  wti  rnm 


WR  Consultant  Associates 


43 


wwwWRfA.net 


Network  World  Perspectives 


vww.ffi  rom/pstnww 


Network  World  Fusion  -  www.nwfusion.com 

3Com  Corporation 

Lancope 

Adobe  Systems 

Lucent  Technologies 

Airespace 

MessageLabs,  Inc 

American  Power  Conversion 

Microsoft  Corporation 

Aventail 

NEC  Computers,  Inc. 

Avocent 

NetScaler 

BNX  Systems 

NetScout  Systems 

Cisco  Systems,  Inc. 

NetScreen  Technologies  Inc 

Check  Point  Software  Technologies 

New  Edge  Networks 

eEye  Digital  Security 

Novell 

E  lance 

Oculan 

F5  Networks 

Quintum  Technologies 

Fidelia 

Redline  Networks 

Fluke  Networks 

RLX  Technologies,  Inc. 

ForcelO  Networks 

Sana  Security 

Fortinet 

SealedMedia 

GCW 

Solsoft  Inc 

Global  Knowledge  Network 

Statscout  Pty  Ltd 

Hewlett-Packard 

SUPERCOMM 

ITCareers 

TrendsMedia  Inc. 

These  indexes  are  provided  as  a  reader  service.  Although  every 
effort  has  been  made  to  make  them  as  complete  as  possible,  the 

publisher  does  not  assume  liability  for  errors  or  omissions. 

•Indicates  Regional  Demographic 

NetworkWorld 


Network  World  Events  and  Executive 
Forums  produces  educational  events  and 

,  .  _ _  .  |  executive  forums  worldwide,  including  our 

Events  end  Executive  Forums  Qne  ^  Technology  Tours,  customized  on 

site  training,  and  executive  forums  such  as  DEMO®,  DEMOmotxle®,  and 
VORTEX,  as  well  as  the  DEMOIetter  and  VORTEX  Digest  newsletters.  For 
complete  information  on  our  current  seminar  offerings,  call  us  at  800-643- 
4668  or  go  to  www.nwfuson.com/events. 


Publicize  your  press  coverage  in 
Network  World  by  ordering  reprints  of 
your  editorial  mentions.  Reprints 
make  great  marketing  materials  and 
are  available  in  quantities  of  500  and 
up.  To  order,  contact  Reprint 
Management  Services  at  (717)  399- 
1900  x129  or  E-mail:  mshoben@reprintbuyer.com 


■  Network  World,  Inc. 

118Turnpike  Road,  Southborough,  MA  01772 
Phone:  (508)  460-3333 

TO  SEND  E-MAIL  TO  NWW  STAFF 

firstname_lastname@nww.com 

EvileeThibeault,  CEO/Publisher 
John  Gallant,  President/Editorial  Director 
W.  Michael  Draper,  Chief  Operating  Officer 
Eleni  Brisbois,  Administrative  Planning  Manager 

FINANCE 

Mary  Fanning,  Vice  President  Finance 

Paul  Mercer,  Finance  Manager 

Betty  Amaro- White,  Event  Finance  Manager 

HUMAN  RESOURCES 

Elizabeth  Price,  Director  of  Human  Resources 
Eric  Cormier,  Sr.  Human  Resources  Generalist 

MARKETING 

TerryAnn  Croci,  Sr.  Director  of  Customer  Experience 
Nancy  Sarlan,  Corporate  Marketing  Communications  Mgr. 
Barbara  Sullivan,  Senior  Research  Analyst 
Judy  Schultz,  Marketing  Design  Manager 
Cindy  Panzera,  Marketing  Designer 
PRODUCTION  SERVICES 

Greg  Morgan,  Senior  Director,  Production  Services 
Karen  Wallace,  Senior  Director,  Advertising  Operations 
Mike  Guerin,  Senior  Production  Specialist 
JamiThompson,  Production  Coordinator 
Veronica Trotto,  Online  Operations  Coordinator 
Maro  Eremyan,  Advertising  Coordinator 
Christina  Pankievich,  Advertising  Coordinator 
LisaThompson,  Online  Ad  Traffic  Coordinator 
CIRCULATION 

Richard  Priante,  Senior  Director  of  Circulation 
Bobbie  Cruse,  Subscriptions  Manager 
Mary  Mclntire,  Circulation  Marketing  Manager 

RESEARCH 

Ann  MacKay,  Research  Director 

DISTRIBUTION 

BobWescott,  Distribution  Manager/(508)  879-0700 

IDG  LIST  RENTAL  SERVICES 

Paul  Capone,  Account  Executive 

P.O.  Box  9151,  Framingham,  MA  01701-9151 

(800)  343-6474/(508)  370-0825,  FAX:(508)  370-0020 

SEMINARS,  EVENTS  AND  IDG  EXECUTIVE  FORUMS 

Michele  Zarella,  Director  of  Operations 

Dale  Fisher,  Event  Planner 

Dori  Smith,  Event  Operations  Manager 

Jacqueline  DiPerna,  Event  Coordinator 

Karen  Bornstein,  Sales  Operations  Specialist 

Neal  Silverman,  Senior  Director  of  Event  Sales 

Andrea  D'Amato,  Sales  Director/Strategic  Partnerships 

Kristin  Ballou-Cianci,  Senior  Event  Sales  Manager 

Maureen  Riley,  Event  Sales  Manager 

Mark  Hollister,  Senior  Director  of  Event  Marketing 

Debra  Becker,  Dir.,  Marketing  &  Audience  Development 

Sara  Nieburg,  Senior  Marketing  Manager 

Timothy  Johnson,  Marketing  Specialist 

ONLINE  SERVICES 

Kevin  Normandeau,  Vice  President,  Online 

Susan  Cardoza,  National  Sales  Manager,  Online 

Deborah  Vozikis,  Design  Manager  Online 

Adam  Gaffin,  Executive  Editor,  Online 

Melissa  Shaw,  Managing  Editor,  Online 

Jason  Meserve,  Multimedia  Editor 

Sheryl  Hodge,  Sr.  Online  Copy  Chief 

CUSTOMER  ACCESS  GROUP 

W.  Michael  Draper,  Chief  Operating  Officer 

Sharon  Stearns,  Director  of  Client  Services 

Tim  DeMeo,  Project  Manager 

Cara  Peters,  Project  Support  Specialist 

INFORMATION  SYSTEMS/BUSINESS  SERVICES 

W.  Michael  Draper,  Chief  Operating  Officer 

Tom  Kroon,  Director  of  Systems  Development 

Anne  Nickinello,  Senior  Systems  Analyst 

Puneet  Narang,  Manager  of  DatabaseTechnologies 

William  Zhang,  Senior  Software  Engineer 

Manav  Seghal,  Software  Engineer 

Rocco  Bortone,  Director  of  Network  IT 

Peter  Hebenstreit,  Senior  Network/Telecom  Engineer 

Kevin  O'Keefe,  Systems  Support  Manager 

Brian  Wood,  Senior  Systems  Support  Specialist 

Frank  Coelho,  Senior  Manager,  Business  Services 

Mark  Anderson,  Business  Services  Supervisor 

Linda  Cavanagh,  Business  Services  Administrator 


■  IDG 

Patrick  J.  McGovern,  Chairman  of  the  Board 

Pat  Kenealy,  CEO 

Network  World  is  a  publication  of  IDG.  the  world's  largest 
publisher  of  computer-related  information  and  the  leading 
global  provider  of  information  services  on  information  tech 
nology.  IDG  publishes  over  275  computer  publications  in  75 
countries.  Ninety  million  people  read  one  or  more  IDG  publi¬ 
cations  each  month.  Network  World  contributes  to  the  IDG 
News  Service,  offering  the  latest  on  domestic  and  interna 
tional  computer  news. 


Sales  Offices 


Carol  Lasker.  Associate  Publisher/Vice  President 
Jane  Weissman,  Sales  Operations  Coordinator 
Internet:  clasker,  jweissman@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 

New  York/New  Jersey 

Tom  Davis,  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  tdavis,  elisas,  ajoseph@nww.com 
(201)  634-2300/FAX:  (201)  634-9286 

Northeast 

Elisa  Della  Rocco,  Regional  Sales  Manager 

Internet:  elisas@nww.com 

(508)  460-3333/FAX:  (508)  460-1237 

Mid-Atlantic 

1  Jacqui  DiBianca,  Regional  Sales  Manager 
Internet:  jdibian@nww.com 
(610)  971-1530/FAX:  (610)  975-0837 

Midwest/Central 

Eric  Danetz,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  edanetz,  ajoseph@nww.com 
(201)  634-2314/FAX:  (201)  712-9786 

Southeast 

I  Don  Seay,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  dseay.  ajoseph@nww.com 
(404)  845-2886/FAX:  (404)  250- 1646 

Northern  California/Northwest 

'  Sandra  Kupiec,  Associate  Publisher,  Western  Region 
Karen  Wilde,  Regional  Sales  Manager 
Courtney  Cochrane,  Regional  Sales  Manager 
|  Teri  Marsh  Sales  Assistant 
Internet:  skupiec,  kwilde,  ccochrane,  tmarsh@nww.com 
(510)  768-2800/FAX:  (510)  768-2801  

Southwest/Rockies 

I  Becky  Bogart  Randell,  Regional  Sales  Manager 
Victoria  Gonzalez,  Sales  Assistant 
Internet:  branded,  vgonzalez@nww.com 
(949)  250-3006/FAX:  (949)  833-2857 _ 


Customer  Access  Group 

Tom  Davis,  Assoc.  Publisher  Eastern  Region/General 
Manager,  Customer  Access  Group 
Michael  Hiatt,  Director  of  Custom  Programs 
Kate  Zinn,  Sales  Manager,  Eastern  Region 
Internet:  tdavis,  mhiatt,  kzinn@nww.com 
(508)  460-3333/FAX:  (508)  460-1237  

Fusion 

Kevin  Normandeau,  Vice  President,  Online 

James  Kalbach,  Director,  Online  Services 

Scott  Buckler,  West  Coast  Regional  Sales  Manager 

Stephanie  Gutierrez,  Online  Account  Manager 

Debbie  Lovell,  District  Sales  Manager 

Internet:  knormandeau,  jkalbach,  sbuckler,  sgutierrez, 

dlovell@nww.com 

(508)  460-3333/FAX:  (508)  861-0467 


MARKETPLACE 

Donna  Pomponi,  Director  of  Emerging  Markets 

Enku  Gubaie,  Senior  Account  Manager 

Caitlin  Horgan,  Account  Manager 

Jennifer  Moberg,  Account  Manager 

Chris  Gibney,  Sales  Operations  Coordinator 

Internet:  dpomponi,  egubaie,  chorgan,  jmoberg, 

cgibney@nww.com 

(508)  460-3333/FAX:  (508)  460-1192 

IT  CAREERS 

Vice  President,  Nancy  Perciva I,  Western  Regional  Manager. 
Caroline  Garcia,  Central  Regional  Manager,  Laura  Wilkinson, 
Central/Western  Account  Executive,  Mark  Dawson,  Eastern 
Regional  Manager,  Jay  Saveli,  Eastern  Account  Executive, 
DanielleTetreault,  Sales/Marketing  Associate,  Joanna 
Schumann 

(800)  762-2977/FAX:  (508)  875-6310 


8/30/04 


News 


www.nwfusion.com  j 


revels  in  Web  hosting  appeal 


Your  Web  host 

Saving  money  is  the  No.  1  draw  of  Web  hosting, 
according  to  an  IDC  survey  of  65  companies. 
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a  BY  ANN  BEDNARZ 

More  companies  are  opting  to 
turn  over  control  of  their  Web 
sites  to  outsourcers  these  days  — 
and  a  good  number  of  those  cor¬ 
porations  are  choosing  IBM  as 
their  provider. 

To  be  specific,  24.8%  are  going 
with  Big  Blue,  which  leads  the 
pack  of  U.S.  Web  hosting  service 
providers,  according  to  a  recent 
report  from  IDC.  It’s  a  fragmented 
market,  with  the  top  22  providers 
accounting  for  just  67%  of  the 
market  at  the  end  of  2003.  But 
IBM’s  dominance  is  clear.  It  had 
$1.37  billion  in  revenue  last  year 
—  which  is  the  combined  rev¬ 
enue  of  the  next  five  biggest 
providers. 

Corporations  are  getting  over 
their  reluctance  to  use  out¬ 
sourcers  and  gaining  confidence 


in  providers’  corporate  viability, 
IDC  says.  The  research  firm  says 
the  retreat  from  outsourced  Web 
hosting  that  began  in  2001  has 
abated,  as  have  enterprise  con¬ 
cerns  about  the  stability  of  the 
sector. 

Those  tumultuous  years  caused 
some  vendors  to  succumb  to 
bankruptcy  buyouts  and  down¬ 
sizing.  XO  Communications  and 
Cable  &  Wireless  America  each 
sought  bankruptcy  protection, 
while  Avasta,  Conxion,  Digex, 
Hostcentric  and  Interliant  are 
among  the  providers  that  disap¬ 
peared  through  acquisition. 

Now  that  the  dust  is  relatively 
settled,  renewed  enterprise  confi¬ 
dence  in  the  market  will  translate 
into  a  five-year  compound  annu¬ 
al  growth  rate  of  13.6%,  IDC  says. 
It  expects  the  market  to  increase 
from  $5.5  billion  in  2003  to  $6.1 


billion  this  year  and  to  $10.4  bil¬ 
lion  by  2008. 

For  its  part,  IBM  says  the  decline 
in  Web  hosting  that  decimated 
many  start-ups  in  the  beginning 
of  the  decade  had  the  reverse 


effect  on  it. 

“We’ve  consistently  grown  over 
20%  every  year,  even  during  the 
down  years,”  says  Mike  Riegel, 
director  of  marketing  and  strategy 
in  IBM’s  Global  Services  division. 


“Part  of  the  reason  for  that  is  cus¬ 
tomers  turned  to  IBM  when  they 
had  concerns  about  the  financial 
stability  of  a  lot  of  the  start-ups. 
We’ve  definitely  benefited  from 
the  missteps  of  our  competitors.” 

According  to  IDC,  the  biggest 
appeal  of  using  Web  hosting  ser¬ 
vices  is  the  chance  to  save 
money  Riegel  says  using  IBM’s 
Web  hosting  services  typically 
can  save  a  company  between 
20%  and  30%  of  the  cost  of  doing 
it  in-house. 

Not  everyone  agrees,  however. 
Companies  that  are  reluctant  to 
try  Web  hosting  services  cite 
“lack  of  cost  savings”  as  one  of 
the  top  three  inhibitors,  IDC  says. 
The  other  two  primary  inhibitors 
are  the  desire  to  keep  control  of 
the  Internet  infrastructure  and 
the  availability  of  in-house 
expertise.  ■ 


this  week  ranks  threats  to  state  networks  according  to 
the  following  scale. 
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protecting  them  from  potential 
cyberattacks  that  could  threaten 
public  health  and  safety. 

While  Pelgrin  said  the  full 
cyber-evaluation  criteria  are 
secret,  he  said  the  appraisal  takes 
into  consideration  events  out¬ 
side  the  networks.  For  instance, 
New  York  has  been  ranked  as 
blue  or  “guarded”  solely  because 
the  Republican  National  Con¬ 
vention  is  being  held  this  week 
in  New  York  City,  Pelgrin  said,  not 
because  of  network  problems. 

Montana,  which  shares  a  600- 
mile  border  with  Canada,  is  seek¬ 
ing  grants  to  upgrade  law- 
enforcement  radio  networks  so 
local,  county  state  and  federal 
agencies  can  talk  to  each  other, 
said  Carl  Hotvedt,  chief  of  the 
network  technology  services 
bureau  for  the  states  information 
services  division.The  problem  is 
a  lot  of  different  systems  that 


don’t  talk  to  each  other,” 
he  said. 

Federal  agents  at  a  remote  bor¬ 
der  crossing  recently  needed 
help  from  the  local  police  10 
miles  away  but  their  radios  used 
different  frequencies.  “The  bor¬ 
der  patrol  needed  backup  but 
couldn’t  contact  the  local  sher¬ 
iff,”  Hotvedt  said. 

Homeland  security  has  given 
new  momentum  to  a  15-year  pro¬ 
ject  to  better  integrate  public 
safety  radio  networks,  said  R.D. 
Porter,  security  services  manager 
for  the  Missouri  division  of  infor¬ 
mation  services.  Wyoming, 
Virginia,  Florida  and  Arizona  are 
among  states  either  planning  or 
revamping  their  radio  networks 
to  interoperate  better,  he  said. 

While  radio  network  concerns 
are  somewhat  far  afield  from  the 
concerns  of  corporate  IT  execu¬ 
tives,  other  worries  are  the  same. 
In  Pennsylvania  the  state’s  acting 
telecom  director  is  concerned 
about  security  of  desktops  and 


the  threat  of  worms  and  viruses 
shutting  down  networks  for 
extended  times.  That  translates 
into  a  pending  proposal  to  beef 
up  authentication  of  desktops 
and  servers  before  they  are 
allowed  access  to  the  network, 
said  Charles  Strubel,  acting 
director  of  Pennsylvania’s  tele¬ 
com  services  bureau. 

He  said  software  to  make  sure 
these  devices  have  necessary 
patches  installed  would  protect 
networks  from  worms  and  Tro¬ 
jans.  Software  or  hardware  to  seg¬ 
regate  network  segments  that  get 
infected  would  limit  the  effects 
of  outbreaks  and  keep  services 
closer  to  normal  levels,  he  said. 

Strubel  also  is  looking  at  build¬ 
ing  redundant  fiber  rings  to 
serve  schools  in  the  northern 
part  of  the  state  to  handle  dual 
purposes.  They  would  deliver 
needed  connectivity  for  inter¬ 
school  communication  and  dis¬ 
tance  learning.  But  redundant 
fiber  also  would  support  the 


schools’  role  as  disaster  shelters 
and  command  centers  by  pro¬ 
viding  high-speed  links  to  emer¬ 
gency  agencies. 

North  Dakota  already  has  a 
statewide  ATM-over-SONET  net¬ 
work  on  which  it  wants  to  over¬ 
lay  networks  for  police  agencies 
to  connect  via  encrypted  paths, 
said  Glen  Rutherford,  network 
architect  for  the  state’s  IT  depart¬ 
ment.  His  proposal  to  the  DHS 
would  make  use  of  North  Da¬ 
kota’s  existing  network  to  carry 
traffic  that  was  secured  at  each 
end  by  separate  firewalls, 
authentication  software  and 
encryption  devices.  If  it  is  suc¬ 
cessful,  other  states  could  adopt 
the  model  and  link  their  net¬ 
works  to  share  information, 
he  said. 

North  Dakota  also  is  seeking 
funding  to  back  up  its  data  cen¬ 
ters  to  keep  key  state  agencies 
operating  if  a  disaster  strikes  its 
primary  site,  said  Mike  Ressler, 
deputy  to  the  CIO  of  the  state’s  IT 


department. 

West  Virginia  has  applied  for 
grants  to  install  redundant  routers 
and  other  network  gear  to  make 
the  state’s  networks  more  resilient 
against  attacks,  said  Deepesh 
Randeri,  manager  of  state  net¬ 
work  infrastructure  in  the  depart¬ 
ment  of  administration. 

In  some  states,  homeland  secu¬ 
rity  is  more  basic, such  as  extend¬ 
ing  91 1  services  to  all  state  facili¬ 
ties,  as  in  the  case  of  Oklahoma. 
A  DHS  grant  paid  for  upgrades  to 
PBX  software  so  91 1  calls  would 
accurately  reflect  where  a  caller 
was  located  and  interoperate 
with  the  public  911  emergency 
call  system. 

Mississippi's  looking  for  more 
staff  to  keep  up  with  its  network 
security  needs,  said  Jimmy  Web¬ 
ster,  data  network  manager  for 
the  department  of  IT  services.  He 
said  he  only  has  four  staff  mem¬ 
bers  who  work  on  security  in 
addition  to  other  duties. 

While  DHS  grants  are  available, 
Webster  said  some  federal  man¬ 
dates  still  leave  the  states  short  of 
cash. “There’s  still  a  lack  of  effort 
to  fund  some  of  the  things  we 
need  to  do  toda^’  he  said.  And 
physical  security, such  as  protect¬ 
ing  airports  and  bridges,  seem  to 
take  precedence  over  protecting 
networks.  “If  you  compete  for 
money,  cyber  will  lose  90%  of  the 
time  and  physical  will  win,”  he 
said.H 
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Golden  Boy 

continued  from  page  1 

industry  by  announcing  plans  to 
stop  competing  for  consumer 
business  —  AT&T  veterans  are 
clinging  ever  more  tightly  to  sym¬ 
bols  such  as  Golden  Boy  that 
recall  a  golden  age  of  telecom. 

Not  that  Golden  Boy  which  is 
officially  known  as  The  Spirit  of 
Communications,  hasn’t  under¬ 
gone  its  share  of  changes  during 
nearly  90  years  with  AT&T.The 
24-foot  bronze  statue,  which  is 
covered  in  more  than  40,000 
pieces  of  gold  leaf,  has  had  quite 
a  journey  to  his  spot  in  front  of 
the  company’s  headquarters. 

In  1914, Western  Electric,  then 
AT&T’s  equipment  arm  and  now 
known  as  Lucent,  commissioned 
the  statue.  He  originally  was 
called  The  Genius  of  Electricity 

Artist  Evelyn  Beatrice  Longman 
sculpted  the  statue  in  1916. 
Golden  Boy  was  then  hoisted 
465  feet  above  street  level  to  the 
top  of  AT&T’s  headquarters  on 
Broadway  in  New  York.  And  that’s 
where  he  stood  for  65  years. 

“It  was  a  wonderful  piece  of 
classical  sculpture,” says  Paul 
Goldberger,  dean  of  Parsons 
School  of  Design  and  architec¬ 
ture  critic  at  the  New  Yorker. 
“Longman  was  trying  to  transfer 
classic  tradition  into  the  new 
world  of  technology 


AT&T's  Golden  Boy  statue  now 
stands  atop  a  5-foot-high  pedestal 
outside  the  carrier's  Bedminster, 
N.J.,  headquarters. 

Golden  Boy  was  the  only  signif¬ 
icant  piece  of  art  that  Longman 
created  for  a  commercial  com¬ 
pany  Some  of  her  other  famous 
works  include  bronze  doors  for 
Wellesley  College  in  Massachu¬ 
setts  and  the  U.S.  Naval  Academy 
in  Annapolis,  Md.  She  also  sculpt¬ 
ed  most  of  the  decorative  work 
on  the  Lincoln  Memorial  in 
Washington,  D.C.,  including  all 
the  bronze  wreaths. 


Goldberger  says  it  isn’t  sur¬ 
prising  that  Golden  Boy  was 
Longman’s  only  sculpture  com¬ 
missioned  for  a  business.  Not 
many  companies  commis¬ 
sioned  artwork. “It  speaks  to 
AT&T’s  view  of  themselves  at 
the  time,  like  a  quasi-govern¬ 
ment  entity”  he  says. 

In  those  pro-monopoly  years, 
the  statue  was  even  visible  to 
those  without  a  New  York  City 
skyline  view:  During  the  1930s 
and  ’40s  Golden  Boy  appeared 
on  every  telephone  directory 
sent  to  homes  across  the  coun¬ 
try  He  was  the  face  of  AT&T. 

His  common  appearance  in 
homes  throughout  the  U.S. 
inspired  former  Poet  Laureate 
Robert  Pinskey  to  write  a  poem 
called  “A  Phonebook  Cover 
Hermes  of  the  Nineteen-forties.” 
Pinskey  calls  him  “pure,  the  mer¬ 
ciless  messenger,”  in  his  poem, 
which  is  now  embossed  in 
bronze  and  sits  at  the  foot  of 
Golden  Boy’s  5-foot-high  granite 
cylinder  stand. 

But  before  Golden  Boy  arrived 
at  his  current  home,  the  statue 
made  a  few  more  trips. 

AT&T  decided  in  the  late  1970s 
to  build  new  headquarters  on 
Madison  Avenue  that  became  an 
icon  of  postmodern  architecture 
and  the  movement  away  from 
buildings  that  look  like  “glass 
boxes,”  Goldberger  says.The 


building,  which  today  is  owned 
by  Sony  is  constructed  of  granite 
and  is  distinctive  for  its  Chippen- 
dale-style  roof. 

The  building  was  constructed 
with  Golden  Boy  in  mind.  With  a 
lobby  that’s  about  seven  stories 
tall,  the  architects  created  an 
alcove  where  the  statue  could  be 
displayed  and  appreciated  by 
more  people  as  they  were  dri¬ 
ving  or  walking  by 

But  it  seems  the  company  was 
surprised  to  find  that  Golden 
Boy  a  nude,  was  anatomically 
correct.  It’s  been  said  that  the 
CEO  at  the  time,  John  de  Butts, 
requested  that  the  statue  find 
some  modesty  and  Golden  Boy's 
manhood  essentially  was 
removed  in  the  restoration  and 
re-gilding  process. 

This  happened  not  long  before 
AT&T  also  was  stripped  of  some 
of  its  riches.  In  1984  the  com¬ 
pany  was  forced  to  divest  its 
local  phone  business,  reluctantly 
creating  the  RBOCs. 

After  a  10-year  stint  indoors, 
Golden  Boy  longed  for  the 
great  outdoors  once  again.  In 
1992  AT&T  moved  its  head¬ 
quarters  to  Basking  Ridge,  N.J., 
and  the  statue  followed. 

Golden  Boy  won  a  prominent 
place  on  a  pedestal  in  front  of 
the  building. 

After  another  10  years,  Golden 
Boy  moved  one  more  time  to  his 


current  home.  AT&T  considered 
three  or  four  sites  to  display  the 
statue  in  Bedminster. 

“He  clearly  needed  to  be 
placed  in  an  area  of  promi¬ 
nence  where  he  would  easily 
be  viewed,”  Brazzell  says.“Using 
the  main  building  as  the  back¬ 
drop  became  the  best  choice. 
The  location  allows  visitors 
easy  access.  A  lot  of  people 
stand  in  front  of  him  and  have 
their  picture  taken." 

AT&T  restored  and  re-gilded 
Golden  Boy  once  more  before 
transporting  the  artwork  via 
truck  from  Basking  Ridge.  One 
employee  described  the  surreal 
experience  of  seeing  Golden 
Boy  strapped  down  in  a  truck 
driving  alongside  her. 

“The  tarp  that  was  covering 
the  statue  came  free,  and  there 
he  was  next  to  me  on  the  road,” 
she  says. 

At  the  re-dedication  ceremony 
AT&T  held  for  the  statue,  now 
Chairman  and  CEO  Dorman 
said  Golden  Boy  “reminds  us  of 
the  traits  that  have  remained 
constant  at  AT&T,  of  our 
strength  and  stability,  our  quality 
dedication  and  integrity,  and 
our  ability  to  remain  a  leader  in 
the  midst  of  unprecedented 
change.”  ■ 

Get  more  information  online. 
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storage  from  high-performance 
disk  storage  systems  to  high- 
capacity  [Serial  ATA]  arrays  and 
tape  using  a  centralized  console,” 
said  John  Webster,  senior  analyst 
for  the  Data  Mobility  Group,  in  a 
research  perspective.This  console 
is  expected  to  be  Hitachi’s 
HiCommand  Storage  Area 
Management  Suite,  which  is 
Storage  Management  Initiative 
Specification-enabled  (SMI-S). 
SMI-S  is  intended  to  let  any  ven¬ 


dor’s  storage  array  switch  or  tape 
library  be  managed  by  a  set  of 
standard  tools. 

Placing  virtualization  and  repli¬ 
cation  software  on  a  SAN-based 
device  has  reached  a  fever  pitch 
in  the  last  year.  While  the  market  is 
immature,  vendors,  including 
start-ups  DataCore  and  Falcon- 
Stor,  have  shipped  virtualization 
servers.  McData  and  Brocade  are 
putting  virtualization  and  other 
storage  services  such  as  replica¬ 
tion  and  volume  management  on 
their  Fibre  Channel  switches. 

Late  last  year,  IBM  announced  a 


deal  with  Cisco  to  put  its  SAN 
Volume  Controller  (SVC)  virtual¬ 
ization  software  on  Cisco  MDS 
9000  Fibre  Channel  switches.  IBM 
also  sells  hardware/software- 
based  SVC  separately  EMC  has 
promised  a  storage  router  and 
high-end  array  for  delivery  next 
year  that  will  virtualize  heteroge¬ 
neous  devices  and  provide  repli¬ 
cation  capabilities.  Unlike  Hi¬ 
tachi’s,  these  devices  are  separate 
from  the  array  and  introduce  new 
equipment  onto  the  SAN. 

With  Universal  Storage  Platform, 
Hitachi  also  is  expected  to  unveil 


a  virtual  machine  technology  in 
which  the  replication  and  move¬ 
ment  of  data  is  virtualized  much 
as  it  is  in  IBM’s  Dynamic  Logical 
Partitions,  which  lets  a  server  be 
divided  into  independent  virtual 
servers  or  logical  partitions. 

Pricing  for  the  array  was  not 
available  by  press  time. 
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Sun  is  expected  to  announce 
next  week  that  it  will  resell  the 
Hitachi  array  as  part  of  its 
StorEdge  family  HP,  which  sells 
the  Hitachi  array  on  an  OEM 
basis,  will  announce  its  new  stor¬ 
age  array  the  StorageWorks 
XP 12000,  in  a  separate  event, 
sources  say  ■ 
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supply  data  to  MOM. 

“We  see  MOM  2005  and  its  Management  Packs  as 
Version  Zero  of  SDM,”says  David  Hamilton,  director 
of  the  Windows  and  enterprise  management  divi¬ 
sion  at  Microsoft.  “The  Management  Packs  show 
what  SDM  can  do." 

MOM  2005  also  is  a  precursor  to  System  Center 
2005,  which  is  expected  to  ship  mid-2005.  System 
Center  combines  MOM  and  SMS  into  one  infrastruc¬ 
ture  with  a  set  of  reporting  tools. 

“Whether  we  keep  it  as  a  suite  or  tightly  integrated 
product  we  haven’t  decided,"  Hamilton  says. 


In  the  Longhorn  time  frame,  Microsoft  will  release 
Version  2.0  of  System  Center  with  updates  to  MOM 
and  SMS  and  a  new  data-warehousing  capability 
and  a  capacity-planning  tool  code-named  Indy 
Microsoft  plans  to  add  DSI  concepts  to  its  operat¬ 
ing  system,  including  the  next  release  of  Windows 
Server  2003,  code-named  R2,  slated  for  summer 
2005. 

“It  makes  perfect  sense  what  Microsoft  is  trying  to 
do  because  it  makes  life  easier  for  everyone,”  says 
Garth  Jones,  chief  of  application  support  infrastruc¬ 
ture  for  the  Canada’s  Department  of  Fisheries  and 
Oceans.  ““1  don’t  need  to  know  everything  about 
every  application.  I  just  need  to  know  where  to  go  to 
get  the  information.”  ■ 
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BackSpin  Mark  Gibbs 

Market  factors  meet  medical  gear,  upgrades 


fter  last  week’s  BackSpin  rant 
about  the  upgrading  (or  lack 
thereof)  of  medical  devices, 
feedback  was  prompt.  Reader  Don 
Dickerson  was  one  of  the  first  to 
write  in:“Concerning  any  unpatched 
operating  system  in  medical  devices 
...  the  solution  is  so  obvious.  Why  are 
they  using  a  commodity  operating  system  in  the  first 
place?  I  am  quite  certain  that  those  made  with  pro¬ 
prietary  operating  systems  in  ROM  don’t  have  this 
problem,  and  since  when  does  a  device  such  as  a 
drug-dispensing  pump,  defibrillator,  EKG,  etc.,  need 
an  operating  system  like  Windows!?” 

Dickerson  went  on  to  point  out  that  while  the 
GUI  might  be  nice.it  is  “overkill  [and  even]  Linux 
and  other  operating  systems  are  rather  inappropri¬ 
ate  for  this  sort  of  application.”  He  added  that“MRl 
and  CAT  scan  machines  almost  universally  use  their 
own  [operating  systems] .  [The  manufacturers]  say 
they  don’t  trust  anyone’s  code  but  their  own.” 

Dickerson  concluded  with  the  observation  that  “an 
operating  system  in  ROM  cannot  be  changed  or 
attacked.  And  patches  are  only  needed  if  the  manu¬ 
facturer’s  programmers  make  a  mistake  or  want  to 
add  a  feature.” 

Reader  Rick  Hampton  was  annoyed  with  me: 
“You  have  perpetuated  all  the  stereotypes  clini¬ 


cians  have  of  IS  people.  Namely,  that  IS  types  live  in 
their  own  world  and  are  not  capable  of  under¬ 
standing  other  people,  the  real  world  or  how  to 
solve  a  real  problem.” 

Pferhaps  my  point  wasn’t  clear. To  all  clinicians  who 
read  BackSpin  let  me  make  this  unambiguous: The 
medical  device  upgrade  mess  is  not  any  single  en¬ 
tity’s  fault  and  certainly  not  the  fault  of  IS  folks. 

What  created  this  mess  was  the  economics  of  the 
free  market  colliding  with  computer  technology  and 
the  medical  world.  As  I  have  discussed,  the  free  mar¬ 
ket  as  it  applies  to  computer  technology  votes  as  it 
does  for  a  certain  combination  of  values  (such  as 
cost  of  acquisition,  implementation  and  return  on 
investment),  and  the  result  is  often  at  odds  with  polit¬ 
ical  value  (public  policy  and  safety,  the  need  to  suck 
up  to  constituents  and  lobbies,  and  so  on). 

Hampton  noted  that  “it’s  not  exactly  like  the  vendor 
is  in  the  dark  about  their  system’s  environment.  It  is 
not  uncommon  for  a  manufacturer  to  refuse  to  sell 
you  the  equipment  or  install  it  unless  you  specific¬ 
ally  agree  to  all  of  their  terms  and  conditions.  So  if 
the  manufacturers  install  the  stuff,  is  it  not  reason¬ 
able  to  expect  them  to  design  it  to  function  properly 
and  be  readily  upgradeable  when  needed?” 

Interesting  thought  —  I  wonder  how  often  the 
device  vendors  say'Thou  shalt  not  connect  this 
device  to  a  network  or  any  other  source  of  potential 


risk  of  malware  or  hackers.”  If  the  vendor  doesn’t  say 
that,  the  onus  of  protecting  the  devices  falls  on  own¬ 
ers.  And  if  the  vendor  can’t  upgrade  without  the 
Food  and  Drug  Administration’s  approval  and  the 
device  is  in  a  hostile  environment  and  the  owner 
can’t  protect  it,  then  it  is  pretty  easy  to  see  where  the 
responsibility  lies. 

It  all  comes  down  to  politics  and  economics.That 
is  the  way  it  is. . . .  If  you  can’t  replace  the  equipment 
and  can’t  get  the  manufacturer  to  upgrade  it,  then 
that  is  the  status  quo,  and  short  of  getting  some  laws 
enacted  or  modified  (both  probably  not  good 
ideas)  it  will  remain  the  status  quo. 

You  could  argue  that  the  FDA  is  at  fault.  It  is  the 
authority  that  licenses  medical  equipment  and  has 
tied  manufacturers’  hands  by  making  it  a  long, slow 
process  for  them  to  have  upgrades  approved.  But  the 
FDA  is  chartered  with  protecting  public  health,  and 
that  requires  making  sure  manufacturers  produce 
equipment  that  is  safe  (trusting  manufacturers  and 
commercial  operating  system  vendors  to  get  it  right 
where  lots  of  money  is  involved  and  liability  is  an 
issue  seems  unwise  when  lives  are  at  stake). 

The  reality  is  it  is  all  about  politics  and  economics, 
not  computer  technology  and  IS  people.  I  just  want 
everybody  involved  to  stop  whining. 

Dare  /  ask  for  responses  to  backspin@gibbs.com ? 
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If  you’re  sick  of  Internet 
Explorer  and  all  its  associated 
drama  and  mishegoss,  check 
out  Browse  Happy. 

Operating  under  the  slogan  “Online.  Worry  free,”  the  site  touts  the  benefits  of 
beloved  alterna-browsers  Firefox,  Mozilla,  Opera  and  Safari,  and  offers  testimoni¬ 
als  from  those  who  have  switched.  Even  better,  there  are  no  dopey  commercials  like 
that  other  famous  switch  campaign,  www.nwfusion.com,  DocFinder:  3647 


By  Melissa  Shaw 

IE  haters  unite 


DNA  algorithm  fights  spam 

IBM  researchers  say  they’ve  developed  an  algorithm,  based  on  a  gene  sequencing 
formula,  that’s  got  a  96.5%  success  rate  in  detecting  spam. 

The  formula,  called  Chung-Kwei,  has  been  in  development  for  more  than  a  year  at 
IBM's  bioinformatics  and  pattern  discovery  research  group.  According  to  the  BBC, 
Chung-Kwei  “is  named  after  a  Feng  Shui  character  who  is  usually  shown  carrying  a 
bat,  and  also  holds  a  sword  behind  him.”  Pretty  much  the  character  you'd  want  out¬ 
side  your  mail  server. 
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One  tough  memory  card 

It  used  to  be  said  that  onlyTwinkies  and  cockroaches  would  survive  a  nuclear 
blast.  We  think  memory  cards  need  to  be  added  to  the  list.  Newspaper  photographer 
Don  Frazier  went  to  capture  the  demolition  of  an  old  highway  bridge  in  Mississippi 
and  made  one  mistake:  He  got  too  close.  His  digital  camera,  mounted  on  a  tripod 
even  closer  to  the  action,  was  blown  to  smithereens.  Yet  his  5-year-old,  256M-byte 
SanDisk  CompactFlash  card  lay  intact  on  the  ground,  complete  with  all  his  pictures 
—  including  the  last  shot,  just  before  the  camera  was  destroyed.  Follow  the 
DocFinder  below  to  see  the  camera's  final  moments. 
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Ultimate  geek  bling 

To  date  there  hasn't  been  a  lot  of  bling  one  can  associate  with  the  IT  set  —  until 
now.  Engadget's  DIY  project  series  has  reached  a  new  high  with  the  Search  Engine 
Belt  Buckle.  PhillipTorrone  will  show  you  how  to  take  24  hours'  worth  of  search 
engine  queries,  a  PDA  and  shiny  beads  and  turn  it  into  something  hep  on  your  hips 
that  will  scroll  through  a  day's  worth  of  search  engine  terms.  Finally,  a  technological 
reason  for  people  to  be  fascinated  with  your  pants. 

DocFinder:  3650 

Game  show  asks  IMers  for  help 

If  you’ve  always  wanted  to  be  on  a  game  show  but  haven't  been  lucky  (or  smart) 
enough,  now’s  your  chance  to  grab  a  tiny  bit  of  glory.  Anonymous  glory,  but  glory 
nonetheless. The  syndicated  version  of  "Who  Wants  to  Be  a  Millionaire?”  will  soon 
include  AOL  IM  members  as  part  of  the  audience.  If  you  add  the  screen  name 
“MillionairelM”  to  your  Buddy  List  you  can  get  actual  game  questions  sent  to  you 
via  instant  message.  When  a  contestant  decides  to  "Ask  the  Audience"  for  help, 
answers  that  come  in  via  IM  will  be  added  to  those  in  the  studio  audience. 

DocFinder:  3651 

Instant  Internet  dating? 

Anyone  else  coming  to  the  realization  that  the  main  online  technology  driver  today 
is  Internet  dating?  SpotMeeting.com  is  putting  wireless  to  work  via  its  Location- 
Based  Singles  Network.  Users  log  on  to  SpotMeeting  via  PC,  smartphone,  PDA, 
etc.,  and  the  LBSN  "gives  them  access  to  other  singles  in  [their]  proximity." 
SpotMeeting  calls  this  "Mobile  Proximity  Dating."  We  call  it  “Taking  away  one  of  the 
best  parts  of  online  dating  —  distance  and  anonymity.” 

DocFinder:  3659 

Shaw  is  chief  cook  and  bottle  washer  of  Layer  8,  your  daily  home  for  the  best  of 
Network  World  Fusion  and  the  not-just-networking  news.  She  can  be  reached  at 
Iayer8@nww.com.  Shaw  and  colleague  Adam  Gaffin  are  sharing  chair-warming  duties 
until  'Net  Buzz  overlord  Paul  McNamara  returns  from  vacation. 


Industry’s  Only  Complete, 
Front- Accessible  Compact 
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Festlmn  Edge  X424 


SaL~rn  Hfr  Fasflron  Edge  X448 


Integral  Hot- 
Swappable  AC  Se  DC 
Power  Supplies  for 
Redundancy  and  High 
Availability 


Extensive  Security  and  DoS 
Protection  Capabilities 
Including  302. 1  x  and  MAC 
Authentication,  Dynamic  VLAN 
and  Security  Policies,  ACLs, 
and  Advanced  Network 
Monitoring 


Advanced  Layer  2  Features, 
Upgradeable  to  Full  Layer  3, 
Including  RIP,  DSPF,  BGP,  PIM 
DM,  PIM-SM,  DVMRP, 

AND  I  G  M  P 


Fastlron  Edge  X-Series  switches  let  you  do  more  with  less — less  size,  less 
money,  yet  more  capability.  Compact  form.  Immense  capabilities.  10  Gigabit 
Ethernet  performance  from  edge  to  core  at  a  price  you  can  afford.  They  are 
purpose-built  to  deliver  w  ire-speed  Gigabit  and  10  Gigabit  Ethernet  performance  to  workgroup, 
server  farm,  edge  aggregation,  small  medium  enterprise  backbone,  and  cluster  computing 
networks  at  prices  that  bring  the  power  and  scalability  of  10  Gigabit  Ethernet  w  ithin  reach  for 
enterprises  large  and  small,  fastlron  Edge  X-Series  switches  deliver  24  or  48  ports  of 
pa'  |00  |  ooo  with  4  combo  SI  I ’  ports,  phis  optional  I  or  2  ports  of  lOGbl  .  fastlron  Edge  X- 
Scries  sw  itches  give  you  the  lowest  total  cost  of  ownership  and  the  best  investment  value  of  any 
comparable  sw  itch  on  the  market,  ( let  a  competitive  edge — get  a  fastlron  Edge  X-Series  switch, 
t  all  1 .888  1 1  IsBOl  AN  Direct  +1  4o8.5S(>.  I  TOO)  or  Www.tbundrv 'networks. com  fox 


The  Power  of  Performance 


HP  multifunctional  products  can  make  you  more  productive— our  free  MFP  strategy  guide  shows  you  how.  Each  of  these  workhorses  can  do  the  job  of  three 
machines— printer,  copier,  scanner— in  one.  Some  fax  too.  Using  HP's  Digital  Sending  Software  (optional  on  the  HP  LaserJet  9055mfp  and  HP  LaserJet 
9065mfp),  you  can  scan  and  send  directly  to  e-mail  or  network  folders,  depending  on  the  model.  Choose  from  a  wide  range  of  devices  to  find  the  one 
that  fits  your  organization,  whether  you're  a  small  office  or  large  department.  By  actively  managing  your  overall  fleet,  you  could  save  up  to  30%  on  overall 
operating  costs  as  well  as  save  time  on  maintenance  and  supplies  management.  With  our  MFPs,  you  get  more  than  a  printer  or  copier.  And  with  HP  and  our 
authorized  dealers,  you  get  more  than  hardware— you  get  service,  support  and  expert  advice.  How's  that  for  multifunctional? 


HP  LASERJET 
4100mfp/4101mfp 

Fully  integrated  printing  and  copying 
solution  for  small  workgroups 

•  Up  to  25  ppm  print/copy  speed  (black) 

•  Print,  copy,  color  scan,  digital  send  and  fax 
(optional  with  4100) 

•  1,600  sheet  maximum  input  capacity 


HP  LASERJET 
9000mfp/9000Lmfp 

High-performance,  versatile  printing  and 

copying  for  large  workgroups 

•  Up  to  50  ppm/40  ppm  print/copy  speed 
(black) 

•  Print,  copy,  color  scan,  digital  send  and 
optional  faxing 

•  Up  to  1 1 "  x  17"  media  capable,  optional 
finishing  includes  multi-position  stapling  and 
saddle-stitch  booklet  production 


Mail-in  rebates  available  on  these 
two  models.41 

Rebates  not  available  in  the  state  of  Connecticut. 


HP  LASERJET 
9055mfp/9065mfp 

High-volume,  high-performance  copying 

and  printing  for  large  departments 

•  Up  to  55  ppm/65  ppm  print/copy  speed 
(black) 

•  Copy,  print,  scan,  standard  duplex  and 
optional  digital  send 

•  Optional  4,000-sheet  input  tray,  three-hole 
punch  and  cover  inserter 

•  Up  to  12"  x  18"  media  capable 

FREE  Digital  Sending  Software 
(HP  DSS  3.0  Workflow) 


A  free  MFP  strategy  guide 

and  information  on  current 
offers  are  yours  for  the  asking. 


CALL 

800-888-3127 

CLICK 

hp.com/go/mfppromotions 

VISIT 

your  local  HP  reseller 

invent 


■Rebate  offers  good  on  HP  9000mtb/HP  9000Lmfp  purchases  made  between  5/1/04  and  10/31/04.  Rebates  are  subject  to  change;  check  the  HP  Web  site  at  www.hp.com/go/hotdeals  tor  most  current  rebate  otters  and/or  additional  rebate  otters.  ©2004  Hewlett-Packard  Development  Company,  L.P. 


